Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1532611
MD5: 50940cba9f55df1cb172952d0b03df56
SHA1: 933550875254bf6e565dd63005dfded7fda5ccfa
SHA256: b6737bd5cb107768640e737f9837fed8455d603ae9f86834a968d71f140cea48
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

AV Detection

Source: file.exe Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0059C711 CryptVerifySignatureA, 0_2_0059C711
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1777686431.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmp
Source: unknown DNS traffic detected: query: 15.164.165.52.in-addr.arpa reply code: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003EEDCA 0_2_003EEDCA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00480E49 0_2_00480E49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00520E54 0_2_00520E54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A8E41 0_2_004A8E41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049EE50 0_2_0049EE50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00432E5F 0_2_00432E5F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00468E6F 0_2_00468E6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003F2E10 0_2_003F2E10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048EE73 0_2_0048EE73
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00494E0E 0_2_00494E0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004D8E1E 0_2_004D8E1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051CE09 0_2_0051CE09
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004E4E3E 0_2_004E4E3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048AE3C 0_2_0048AE3C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A6E3C 0_2_004A6E3C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004EAE38 0_2_004EAE38
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003F6E46 0_2_003F6E46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045EE3C 0_2_0045EE3C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00426ECB 0_2_00426ECB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00488EDD 0_2_00488EDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00502EC7 0_2_00502EC7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051AEF7 0_2_0051AEF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E6E99 0_2_003E6E99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00458EF1 0_2_00458EF1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00442EF3 0_2_00442EF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004D4EF0 0_2_004D4EF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00512E93 0_2_00512E93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044AE9C 0_2_0044AE9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F2E90 0_2_004F2E90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DEED0 0_2_003DEED0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004D0EBC 0_2_004D0EBC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004DEEBE 0_2_004DEEBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00506EAC 0_2_00506EAC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00412EBC 0_2_00412EBC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E4F38 0_2_003E4F38
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0046EF41 0_2_0046EF41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B8F43 0_2_004B8F43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B0F69 0_2_004B0F69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B4F67 0_2_004B4F67
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00474F68 0_2_00474F68
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051EF6A 0_2_0051EF6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00448F03 0_2_00448F03
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004BCF05 0_2_004BCF05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004E8F1C 0_2_004E8F1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041EF15 0_2_0041EF15
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047AF12 0_2_0047AF12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003F8F5C 0_2_003F8F5C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00524F2B 0_2_00524F2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00440F3E 0_2_00440F3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052AF28 0_2_0052AF28
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C2F37 0_2_004C2F37
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00478F38 0_2_00478F38
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004AAFCB 0_2_004AAFCB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00430FD8 0_2_00430FD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00446FD8 0_2_00446FD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F8FEE 0_2_004F8FEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00434FF0 0_2_00434FF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00406FF7 0_2_00406FF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0043AFF9 0_2_0043AFF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00422FF9 0_2_00422FF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004DEFF6 0_2_004DEFF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004FAF8F 0_2_004FAF8F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00420F8C 0_2_00420F8C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00400F9F 0_2_00400F9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00464FB2 0_2_00464FB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0042F04A 0_2_0042F04A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00497040 0_2_00497040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F7059 0_2_004F7059
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004BD05C 0_2_004BD05C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D9019 0_2_003D9019
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00467068 0_2_00467068
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00409074 0_2_00409074
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E907E 0_2_003E907E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044D025 0_2_0044D025
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00417025 0_2_00417025
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00517036 0_2_00517036
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00483025 0_2_00483025
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00445036 0_2_00445036
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00449036 0_2_00449036
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004570C2 0_2_004570C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005290DD 0_2_005290DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004330DD 0_2_004330DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004510E6 0_2_004510E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004530F1 0_2_004530F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049B0F2 0_2_0049B0F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047F0F9 0_2_0047F0F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00511093 0_2_00511093
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A3081 0_2_004A3081
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004BF09C 0_2_004BF09C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00401098 0_2_00401098
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B0AB 0_2_0040B0AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005190BF 0_2_005190BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045D0BE 0_2_0045D0BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0050B0AB 0_2_0050B0AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049914D 0_2_0049914D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004E314B 0_2_004E314B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040F147 0_2_0040F147
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C5146 0_2_004C5146
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A716D 0_2_004A716D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00443168 0_2_00443168
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00493167 0_2_00493167
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B7165 0_2_004B7165
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003F9103 0_2_003F9103
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F110F 0_2_004F110F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004AB10D 0_2_004AB10D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003ED176 0_2_003ED176
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004D1104 0_2_004D1104
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003EF173 0_2_003EF173
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0043D123 0_2_0043D123
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049D125 0_2_0049D125
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0046B133 0_2_0046B133
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003F31BE 0_2_003F31BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E51B9 0_2_003E51B9
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00597706 appears 35 times
Source: file.exe, 00000000.00000002.1910698197.00000000003C6000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: kjdgxlpm ZLIB complexity 0.9950564581491306
Source: classification engine Classification label: mal100.evad.winEXE@1/1@1/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1762304 > 1048576
Source: file.exe Static PE information: Raw size of kjdgxlpm is bigger than: 0x100000 < 0x1a8200
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1777686431.0000000004E40000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1910681921.00000000003C2000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.3c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kjdgxlpm:EW;zrpyswpt:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1bc33b should be: 0x1b4b58
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: kjdgxlpm
Source: file.exe Static PE information: section name: zrpyswpt
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.7507611266535665
Source: file.exe Static PE information: section name: kjdgxlpm entropy: 7.953505006477482

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562BD6 second address: 562BE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007FB07D26122Eh 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562BE5 second address: 562C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB07CD8C308h 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562D80 second address: 562D86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562D86 second address: 562D96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FB07CD8C2FAh 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562F6B second address: 562F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB07D26122Dh 0x0000000a jo 00007FB07D261232h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562F85 second address: 562F8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556BED second address: 556BF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556BF2 second address: 556C0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07CD8C303h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5630C4 second address: 5630D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568090 second address: 568094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568094 second address: 5680AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261233h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56E580 second address: 56E585 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56E844 second address: 56E893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pushad 0x00000007 jmp 00007FB07D261238h 0x0000000c jbe 00007FB07D26123Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB07D261234h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56E893 second address: 56E897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56E897 second address: 56E8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56ED07 second address: 56ED10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56ED10 second address: 56ED38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261232h 0x00000007 jmp 00007FB07D261232h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56EEDE second address: 56EEE3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56EFF9 second address: 56F005 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB07D261226h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57259D second address: 5725AA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5725AA second address: 5725B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5725B6 second address: 5725BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5725BA second address: 5725C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5725C4 second address: 5725F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jnp 00007FB07CD8C309h 0x00000012 jg 00007FB07CD8C2F8h 0x00000018 popad 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5725F9 second address: 5725FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 572913 second address: 572917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 572AD4 second address: 572AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FB07D261226h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 572AE1 second address: 572AE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 572DAF second address: 572DCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261234h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FB07D26122Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573214 second address: 57322D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C301h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57322D second address: 573231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573300 second address: 573328 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FB07CD8C2F8h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB07CD8C301h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573422 second address: 573426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57365E second address: 573668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB07CD8C2F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5758D3 second address: 5758D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5750D1 second address: 57510C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FB07CD8C307h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB07CD8C309h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5758D7 second address: 5758DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5758DD second address: 5758E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5758E3 second address: 5758E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 578190 second address: 5781C1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB07CD8C300h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB07CD8C306h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5781C1 second address: 5781CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5781CA second address: 5781D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5781D0 second address: 578213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov esi, dword ptr [ebp+122D1E4Fh] 0x0000000d push 00000000h 0x0000000f sub edi, 3E5B33E7h 0x00000015 pushad 0x00000016 add dword ptr [ebp+12449E3Eh], edi 0x0000001c mov ecx, 2FA76C1Eh 0x00000021 popad 0x00000022 push 00000000h 0x00000024 push edi 0x00000025 jmp 00007FB07D261233h 0x0000002a pop esi 0x0000002b push eax 0x0000002c jo 00007FB07D26123Bh 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 578D10 second address: 578D14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 578D14 second address: 578DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jmp 00007FB07D261233h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FB07D261228h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 push 00000000h 0x0000002a and edi, 712AA8DBh 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007FB07D261228h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c mov edi, dword ptr [ebp+1244A624h] 0x00000052 xchg eax, ebx 0x00000053 pushad 0x00000054 jp 00007FB07D261228h 0x0000005a push ebx 0x0000005b pop ebx 0x0000005c jmp 00007FB07D261233h 0x00000061 popad 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jnp 00007FB07D261228h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 578A95 second address: 578A9F instructions: 0x00000000 rdtsc 0x00000002 js 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 578A9F second address: 578AB8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007FB07D261226h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FB07D26122Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 578AB8 second address: 578ABE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57AC0C second address: 57AC28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB07D261236h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57AC28 second address: 57AC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57AC2C second address: 57AC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57AC30 second address: 57AC55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007FB07CD8C309h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57CF72 second address: 57CFC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push esi 0x0000000a jmp 00007FB07D26122Ch 0x0000000f pop ebx 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D191Dh], eax 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007FB07D261228h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 pushad 0x00000035 mov ebx, 5CDA107Dh 0x0000003a mov edx, 3D10C3E4h 0x0000003f popad 0x00000040 xchg eax, esi 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57CFC8 second address: 57CFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57CFCE second address: 57CFD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57DEE8 second address: 57DFAD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB07CD8C308h 0x0000000e nop 0x0000000f call 00007FB07CD8C307h 0x00000014 mov edi, dword ptr [ebp+122D1F38h] 0x0000001a pop ebx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007FB07CD8C2F8h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 0000001Ah 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 call 00007FB07CD8C308h 0x0000003c jne 00007FB07CD8C304h 0x00000042 pop edi 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007FB07CD8C2F8h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 00000016h 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f xchg eax, esi 0x00000060 jmp 00007FB07CD8C2FDh 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push ecx 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57DFAD second address: 57DFB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58006C second address: 58008C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C2FAh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d jno 00007FB07CD8C2F6h 0x00000013 jg 00007FB07CD8C2F6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58008C second address: 5800A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261234h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5800A5 second address: 5800AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5800AA second address: 5800C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261234h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5800C4 second address: 5800D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007FB07CD8C2FEh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5800D3 second address: 5800E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FB07D261243h 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5808B0 second address: 580925 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007FB07CD8C2FDh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007FB07CD8C2F8h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 mov dword ptr [ebp+122D2EE3h], edi 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f mov bx, dx 0x00000042 mov eax, dword ptr [ebp+122D1275h] 0x00000048 pushad 0x00000049 mov dword ptr [ebp+122D1DD8h], esi 0x0000004f mov ecx, dword ptr [ebp+122D1CBFh] 0x00000055 popad 0x00000056 push FFFFFFFFh 0x00000058 sub bx, F22Dh 0x0000005d push eax 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 580925 second address: 580929 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5836A0 second address: 5836BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB07CD8C309h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 582952 second address: 5829B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jnp 00007FB07D26122Ah 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov di, B8E1h 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 clc 0x00000022 mov eax, dword ptr [ebp+122D11B1h] 0x00000028 mov edi, 6FF94F69h 0x0000002d jnp 00007FB07D26122Ch 0x00000033 push FFFFFFFFh 0x00000035 or bh, 0000004Dh 0x00000038 nop 0x00000039 pushad 0x0000003a push ecx 0x0000003b pushad 0x0000003c popad 0x0000003d pop ecx 0x0000003e jmp 00007FB07D26122Bh 0x00000043 popad 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 jno 00007FB07D26122Ch 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5838F1 second address: 5838F6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5838F6 second address: 583903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 583903 second address: 583907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 585811 second address: 58586D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 sub bx, A88Dh 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007FB07D261228h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 sbb edi, 34705BAEh 0x0000002f push 00000000h 0x00000031 jg 00007FB07D261230h 0x00000037 jmp 00007FB07D26122Ah 0x0000003c mov bh, 94h 0x0000003e xchg eax, esi 0x0000003f pushad 0x00000040 jnc 00007FB07D261228h 0x00000046 push ebx 0x00000047 pop ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a jnc 00007FB07D261226h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58586D second address: 585883 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FB07CD8C2F8h 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5868CE second address: 5868E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261234h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5868E6 second address: 5868F5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589962 second address: 589984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB07D261239h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589984 second address: 5899F3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007FB07CD8C30Dh 0x00000010 popad 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FB07CD8C2F8h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c jnc 00007FB07CD8C2F8h 0x00000032 push 00000000h 0x00000034 xor edi, 45C2E781h 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D2AAFh] 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 pushad 0x00000047 popad 0x00000048 ja 00007FB07CD8C2F6h 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5899F3 second address: 5899F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 586A71 second address: 586A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 586A75 second address: 586A9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D261239h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FB07D261226h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D8F2A second address: 5D8F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D8F33 second address: 5D8F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D8F37 second address: 5D8F55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB07D261238h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D8F55 second address: 5D8F68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FB07CD8C2FCh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D9361 second address: 5D9367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D9367 second address: 5D9374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FB07CD8C2F8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D9374 second address: 5D937A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D937A second address: 5D93B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C302h 0x00000007 jbe 00007FB07CD8C2F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007FB07CD8C2FEh 0x00000015 jne 00007FB07CD8C2F6h 0x0000001b push eax 0x0000001c pop eax 0x0000001d pop edx 0x0000001e pop eax 0x0000001f push eax 0x00000020 jmp 00007FB07CD8C2FAh 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D94EC second address: 5D94FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D26122Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D94FB second address: 5D950E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D950E second address: 5D9514 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D9514 second address: 5D9532 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB07CD8C2F6h 0x00000008 jmp 00007FB07CD8C304h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 571BA3 second address: 571C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 sub di, 6911h 0x0000000b adc cx, 3CD6h 0x00000010 mov ebx, dword ptr [ebp+12476BF0h] 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007FB07D261228h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 push ecx 0x00000031 or dword ptr [ebp+122D19B8h], esi 0x00000037 pop edx 0x00000038 pushad 0x00000039 mov dword ptr [ebp+122D2C4Eh], ebx 0x0000003f mov ax, F844h 0x00000043 popad 0x00000044 add eax, ebx 0x00000046 mov dx, cx 0x00000049 nop 0x0000004a jns 00007FB07D261232h 0x00000050 push eax 0x00000051 jc 00007FB07D261230h 0x00000057 pushad 0x00000058 pushad 0x00000059 popad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 571C0E second address: 571C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 jmp 00007FB07CD8C308h 0x0000000b push 00000004h 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007FB07CD8C2F8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dh, 3Ch 0x00000029 or dword ptr [ebp+122D196Ch], ecx 0x0000002f nop 0x00000030 jmp 00007FB07CD8C2FCh 0x00000035 push eax 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 js 00007FB07CD8C2F6h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D97C0 second address: 5D97CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D97CA second address: 5D97D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB07CD8C2F6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D97D7 second address: 5D97DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D9957 second address: 5D996B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C2FCh 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D996B second address: 5D996F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5DA368 second address: 5DA377 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FB07CD8C2F6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5DDADC second address: 5DDAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jg 00007FB07D261226h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5DDAE9 second address: 5DDAEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5DDAEF second address: 5DDAF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5DDC56 second address: 5DDC5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5042 second address: 5E5046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5901 second address: 5E5905 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5905 second address: 5E590F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E590F second address: 5E5913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5913 second address: 5E5917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5917 second address: 5E5928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007FB07CD8C2FEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5928 second address: 5E592E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E592E second address: 5E5934 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5934 second address: 5E5938 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5BD6 second address: 5E5BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5BE3 second address: 5E5BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5F01 second address: 5E5F05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5F05 second address: 5E5F31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB07D261230h 0x0000000b jl 00007FB07D26122Eh 0x00000011 jns 00007FB07D261226h 0x00000017 pushad 0x00000018 popad 0x00000019 jc 00007FB07D26122Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5F31 second address: 5E5F53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB07CD8C304h 0x0000000d jnl 00007FB07CD8C2F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E64DF second address: 5E64E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E6766 second address: 5E676F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E676F second address: 5E678E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07D261236h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E678E second address: 5E67A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C300h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E67A2 second address: 5E67A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E67A6 second address: 5E67CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB07CD8C309h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FB07CD8C2F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E98B2 second address: 5E98B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F14CE second address: 5F14D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F14D2 second address: 5F14D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F14D6 second address: 5F14EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007FB07CD8C2F6h 0x0000000d jnl 00007FB07CD8C2F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F166D second address: 5F1673 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F1673 second address: 5F1679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F1679 second address: 5F167D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F167D second address: 5F1681 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F1681 second address: 5F1687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F19CA second address: 5F19E7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB07CD8C2F6h 0x00000008 jmp 00007FB07CD8C303h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F1FD5 second address: 5F1FD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F1FD9 second address: 5F2020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB07CD8C309h 0x0000000b popad 0x0000000c jl 00007FB07CD8C338h 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007FB07CD8C2F6h 0x0000001a jmp 00007FB07CD8C309h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB2C5 second address: 5FB2C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB2C9 second address: 5FB2CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB2CD second address: 5FB2D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB54E second address: 5FB567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB07CD8C300h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB567 second address: 5FB5B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jnc 00007FB07D261226h 0x0000000d jmp 00007FB07D261236h 0x00000012 pop esi 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b jmp 00007FB07D26122Ah 0x00000020 push eax 0x00000021 push edx 0x00000022 jc 00007FB07D261226h 0x00000028 jmp 00007FB07D26122Fh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB6E2 second address: 5FB6F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FB07CD8C2FFh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB6F6 second address: 5FB743 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007FB07D261233h 0x0000000c jmp 00007FB07D26122Eh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB07D261230h 0x00000019 jmp 00007FB07D261232h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB8B8 second address: 5FB8BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB8BC second address: 5FB8C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB8C5 second address: 5FB8EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FB07CD8C2FEh 0x00000012 jng 00007FB07CD8C2FCh 0x00000018 jl 00007FB07CD8C2F6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB8EB second address: 5FB8F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB8F1 second address: 5FB8FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB8FB second address: 5FB8FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FC0A2 second address: 5FC0A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FC0A6 second address: 5FC0B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FA87A second address: 5FA888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jns 00007FB07CD8C2F6h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6008AF second address: 6008B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6008B7 second address: 6008BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604A64 second address: 604A68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604A68 second address: 604A6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604A6E second address: 604A7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07D26122Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604A7F second address: 604A83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604A83 second address: 604A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 611F5C second address: 611F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB07CD8C303h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6141E4 second address: 6141F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007FB07D26122Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6141F4 second address: 61421D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB07CD8C301h 0x0000000c jmp 00007FB07CD8C301h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 61421D second address: 614224 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 614224 second address: 61422C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 613C81 second address: 613C8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 ja 00007FB07D261226h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 613E12 second address: 613E1E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnp 00007FB07CD8C2F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 613E1E second address: 613E2C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jne 00007FB07D261226h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 626A06 second address: 626A0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 628BEA second address: 628C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007FB07D26122Fh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 628A9D second address: 628AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 628AA3 second address: 628AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 628AA8 second address: 628AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62F928 second address: 62F934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62FD7B second address: 62FD8D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB07CD8C2F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FB07CD8C2F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62FD8D second address: 62FD96 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630004 second address: 63000B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63000B second address: 630011 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630011 second address: 630015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 60A52C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4ED0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5250000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5180000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003CE02F rdtsc 0_2_003CE02F
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 3864 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A18B6 GetSystemInfo,VirtualAlloc, 0_2_005A18B6
Source: file.exe, file.exe, 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003CE02F rdtsc 0_2_003CE02F
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, file.exe, 00000000.00000002.1910713833.000000000054A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: kIProgram Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0059B853 GetSystemTime,GetFileTime, 0_2_0059B853

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos