Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1532769
MD5: 3e3f0fde7c8332ff13596a7427d0489a
SHA1: 944b78c5b35ef8e062b38c3bab40967d7af3ddbe
SHA256: 519d0aa9c6202bd223d96dc7553bd372e1bd3243fdb48c91d1c1d7c55e4e627d
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

AV Detection

Source: file.exe Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B596D9 CryptVerifySignatureA, 0_2_00B596D9
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1734054743.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmp

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6CE9B 0_2_00A6CE9B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A00E9E 0_2_00A00E9E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADCEF5 0_2_00ADCEF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009CAEC1 0_2_009CAEC1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8AEC9 0_2_00A8AEC9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C8EFA 0_2_009C8EFA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD6ED6 0_2_00AD6ED6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009D2E19 0_2_009D2E19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A72E2B 0_2_00A72E2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B2E16 0_2_009B2E16
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009F4E11 0_2_009F4E11
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A48E36 0_2_00A48E36
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD4E34 0_2_00AD4E34
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A58E3F 0_2_00A58E3F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BCE3E 0_2_009BCE3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9EE1D 0_2_00A9EE1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A64E13 0_2_00A64E13
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A66E5A 0_2_00A66E5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A18FBE 0_2_00A18FBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A86FB7 0_2_00A86FB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB4F88 0_2_00AB4F88
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8CF99 0_2_00A8CF99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A02F9F 0_2_00A02F9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A56FE5 0_2_00A56FE5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABEFE9 0_2_00ABEFE9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5EFEB 0_2_00A5EFEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009CEFC2 0_2_009CEFC2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB6FF4 0_2_00AB6FF4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA0FCE 0_2_00AA0FCE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A92FC4 0_2_00A92FC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABCFC4 0_2_00ABCFC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009D0F19 0_2_009D0F19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A34F27 0_2_00A34F27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A14F2A 0_2_00A14F2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A50F07 0_2_00A50F07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A96F0E 0_2_00A96F0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009AAF2D 0_2_009AAF2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7CF1D 0_2_00A7CF1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA8F69 0_2_00AA8F69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A98F70 0_2_00A98F70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A0AF41 0_2_00A0AF41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009D4F76 0_2_009D4F76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1CF4D 0_2_00A1CF4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A04F50 0_2_00A04F50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5AF59 0_2_00A5AF59
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD8F51 0_2_00AD8F51
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7F0A6 0_2_00A7F0A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9D0AD 0_2_00A9D0AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A750AF 0_2_00A750AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3B0B0 0_2_00A3B0B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1F0B8 0_2_00A1F0B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD1085 0_2_00AD1085
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3908F 0_2_00A3908F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF083 0_2_00ADF083
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BF0A6 0_2_009BF0A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009FD0A1 0_2_009FD0A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009FB0A0 0_2_009FB0A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A830E2 0_2_00A830E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6B0F2 0_2_00A6B0F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C50F0 0_2_009C50F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A090D1 0_2_00A090D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009EF016 0_2_009EF016
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0099D013 0_2_0099D013
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009E300F 0_2_009E300F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1300A 0_2_00A1300A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4D00F 0_2_00A4D00F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4B011 0_2_00A4B011
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC7014 0_2_00AC7014
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADB068 0_2_00ADB068
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7B043 0_2_00A7B043
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD3042 0_2_00AD3042
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009AF191 0_2_009AF191
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BB195 0_2_009BB195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1B1B4 0_2_00A1B1B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009D3188 0_2_009D3188
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A071BD 0_2_00A071BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2F186 0_2_00A2F186
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC9180 0_2_00AC9180
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A0F195 0_2_00A0F195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A91194 0_2_00A91194
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009D71A2 0_2_009D71A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD51ED 0_2_00AD51ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC71ED 0_2_00AC71ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A691EC 0_2_00A691EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009DD1C9 0_2_009DD1C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A451F2 0_2_00A451F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3F1FD 0_2_00A3F1FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA31C9 0_2_00AA31C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF1D9 0_2_00ADF1D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD11D7 0_2_00AD11D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A611D9 0_2_00A611D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACB12E 0_2_00ACB12E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9B123 0_2_00A9B123
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9F122 0_2_00A9F122
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA713B 0_2_00AA713B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0099B10F 0_2_0099B10F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A37106 0_2_00A37106
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009E7137 0_2_009E7137
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009E912F 0_2_009E912F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5F161 0_2_00A5F161
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADD17B 0_2_00ADD17B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C7145 0_2_009C7145
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A33140 0_2_00A33140
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D14A 0_2_00A6D14A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009A916F 0_2_009A916F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC5153 0_2_00AC5153
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B9299 0_2_009B9299
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A852A6 0_2_00A852A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BD28A 0_2_009BD28A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD92B8 0_2_00AD92B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009ED289 0_2_009ED289
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00B546CE appears 35 times
Source: file.exe, 00000000.00000002.1867255792.0000000000986000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.1867661924.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: wnpxidru ZLIB complexity 0.9950356088033536
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1704448 > 1048576
Source: file.exe Static PE information: Raw size of wnpxidru is bigger than: 0x100000 < 0x19a000
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1734054743.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1867244275.0000000000982000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.980000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wnpxidru:EW;ugnddmqc:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1a629f should be: 0x1aa165
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: wnpxidru
Source: file.exe Static PE information: section name: ugnddmqc
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.807345230582023
Source: file.exe Static PE information: section name: wnpxidru entropy: 7.953866841930244

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFDCFE second address: AFDD13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jbe 00007FD9B4D7BAD6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1D5BE second address: B1D5CC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD9B523707Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1B4C5 second address: B1B4C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BC0C second address: B1BC10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BC10 second address: B1BC16 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BC16 second address: B1BC1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BC1C second address: B1BC22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BC22 second address: B1BC26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BC26 second address: B1BC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007FD9B4D7BAD6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BD8B second address: B1BD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BEFA second address: B1BF00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BF00 second address: B1BF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1BF06 second address: B1BF12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FD9B4D7BAD6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1C03A second address: B1C03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1C34F second address: B1C377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD9B4D7BADCh 0x0000000b popad 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD9B4D7BAE0h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1C377 second address: B1C38B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237080h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1C38B second address: B1C395 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD9B4D7BADEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1C395 second address: B1C39E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B10BCC second address: B10BD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B10BD2 second address: B10BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1CC86 second address: B1CC97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FD9B4D7BAD8h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1CC97 second address: B1CCA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD9B5237076h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1CDDD second address: B1CE09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD9B4D7BAD6h 0x0000000a je 00007FD9B4D7BAD6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jng 00007FD9B4D7BAD6h 0x00000019 jmp 00007FD9B4D7BAE3h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1CE09 second address: B1CE21 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD9B5237076h 0x00000008 jmp 00007FD9B523707Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1CE21 second address: B1CE25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1D0FF second address: B1D105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1D105 second address: B1D139 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jp 00007FD9B4D7BAD6h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e jmp 00007FD9B4D7BADFh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jmp 00007FD9B4D7BADFh 0x0000001b pushad 0x0000001c push esi 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B1D139 second address: B1D152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD9B523707Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B21FF6 second address: B21FFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1A0F second address: AF1A29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237086h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1A29 second address: AF1A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1A39 second address: AF1A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AF1A3D second address: AF1A41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B23F50 second address: B23F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B23F55 second address: B23F74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007FD9B4D7BAE8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B23F74 second address: B23F78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B23F78 second address: B23F7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B28E0B second address: B28E13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B281BE second address: B28219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE2h 0x00000009 jmp 00007FD9B4D7BAE5h 0x0000000e popad 0x0000000f ja 00007FD9B4D7BADAh 0x00000015 jp 00007FD9B4D7BAE4h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FD9B4D7BADEh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B28219 second address: B2822D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B523707Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2822D second address: B28231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B283BD second address: B283C4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2854F second address: B28554 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B28554 second address: B2855C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2855C second address: B28562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B28ACD second address: B28AF3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD9B5237086h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B28AF3 second address: B28AFB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B28C53 second address: B28C6F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD9B5237082h 0x00000008 js 00007FD9B523707Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2A20E second address: B2A235 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BADCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 1AD526B4h 0x00000010 mov esi, dword ptr [ebp+122D2D3Ch] 0x00000016 push 73E20F29h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2A235 second address: B2A240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD9B5237076h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2A5F8 second address: B2A616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD9B4D7BAE4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2A616 second address: B2A61A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2A61A second address: B2A620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2AEC6 second address: B2AECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2AECA second address: B2AED0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2AED0 second address: B2AF20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FD9B5237081h 0x0000000e xchg eax, ebx 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FD9B5237078h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D2EE4h], esi 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 push ebx 0x00000033 jmp 00007FD9B523707Ah 0x00000038 pop ebx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2B1A1 second address: B2B1B2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD9B4D7BAD8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2B1B2 second address: B2B1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2B493 second address: B2B4E4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD9B4D7BAE4h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FD9B4D7BAD8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 add dword ptr [ebp+122D24BEh], ecx 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007FD9B4D7BADDh 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2B4E4 second address: B2B4EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2D3B1 second address: B2D3BB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD9B4D7BAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2DB63 second address: B2DB67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2DB67 second address: B2DB7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B4D7BAE0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2E754 second address: B2E75B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B30BD0 second address: B30BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B30BDE second address: B30BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE5DB0 second address: AE5DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AE5DB6 second address: AE5DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3098B second address: B3099D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b jno 00007FD9B4D7BAD6h 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B35717 second address: B3571E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3670A second address: B3670E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B376C6 second address: B376DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B5237082h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B376DD second address: B3774B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FD9B4D7BAD6h 0x00000009 jno 00007FD9B4D7BAD6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 je 00007FD9B4D7BADAh 0x00000019 push edi 0x0000001a pushad 0x0000001b popad 0x0000001c pop edi 0x0000001d nop 0x0000001e pushad 0x0000001f mov dword ptr [ebp+122D3134h], esi 0x00000025 mov eax, dword ptr [ebp+122DB717h] 0x0000002b popad 0x0000002c push 00000000h 0x0000002e sub dword ptr [ebp+122D17EFh], eax 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007FD9B4D7BAD8h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 mov bx, E657h 0x00000054 xchg eax, esi 0x00000055 js 00007FD9B4D7BADEh 0x0000005b jl 00007FD9B4D7BAD8h 0x00000061 push edx 0x00000062 pop edx 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3774B second address: B3774F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3774F second address: B37755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B37755 second address: B3775A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3775A second address: B37760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B358EB second address: B358F0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B358F0 second address: B358FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B387FA second address: B38800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B36915 second address: B36919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B36919 second address: B36923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3B820 second address: B3B82A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD9B4D7BADCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3AB30 second address: B3AB34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3C917 second address: B3C91C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3D79E second address: B3D7B4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD9B5237078h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jng 00007FD9B5237080h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3CA73 second address: B3CA91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3CA91 second address: B3CA96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3CB4A second address: B3CB4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3F812 second address: B3F81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3FDD2 second address: B3FDF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 clc 0x0000000a push 00000000h 0x0000000c or dword ptr [ebp+122D2E6Ch], edx 0x00000012 sub dword ptr [ebp+122D1800h], ebx 0x00000018 push 00000000h 0x0000001a mov dword ptr [ebp+12448011h], edx 0x00000020 xchg eax, esi 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3FDF8 second address: B3FE18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B5237088h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3FE18 second address: B3FE26 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3FE26 second address: B3FE2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B88946 second address: B8894A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B88C29 second address: B88C33 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD9B4D7BAE7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B88C33 second address: B88C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B523707Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B88C48 second address: B88C50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B88C50 second address: B88C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AEE3B7 second address: AEE3CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FD9B4D7BADDh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AEE3CD second address: AEE3EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FD9B5237085h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AEE3EB second address: AEE3F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8E9B6 second address: B8E9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FD9B5237087h 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD9B5237081h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8E9EE second address: B8E9F3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8EB8A second address: B8EBA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FD9B5237080h 0x0000000a jo 00007FD9B5237084h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8EBA8 second address: B8EBAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B3293C second address: B32953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FD9B523707Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B32953 second address: B329F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD9B4D7BAE0h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov di, cx 0x00000011 mov ebx, dword ptr [ebp+12477A85h] 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FD9B4D7BAD8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 xor edx, dword ptr [ebp+122D3844h] 0x00000037 add eax, ebx 0x00000039 mov dl, FEh 0x0000003b push eax 0x0000003c jmp 00007FD9B4D7BAE0h 0x00000041 mov dword ptr [esp], eax 0x00000044 mov dword ptr [ebp+1243D7D4h], ebx 0x0000004a call 00007FD9B4D7BAE6h 0x0000004f mov dl, DCh 0x00000051 pop edi 0x00000052 push 00000004h 0x00000054 jmp 00007FD9B4D7BAE3h 0x00000059 xor dword ptr [ebp+122D3683h], eax 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 push edx 0x00000066 pop edx 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8ECF5 second address: B8ED10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FD9B5237076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FD9B523707Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8EE72 second address: B8EE77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8F8CB second address: B8F8D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B92B5D second address: B92B68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FD9B4D7BAD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B92B68 second address: B92B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD9B5237076h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jns 00007FD9B5237086h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B92B9A second address: B92BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B92BA0 second address: B92BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B92BA4 second address: B92BC0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FD9B4D7BAE2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B92818 second address: B92838 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FD9B5237082h 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007FD9B5237076h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B92838 second address: B9283C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9283C second address: B92842 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B97EF8 second address: B97EFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98090 second address: B98094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B981BF second address: B981C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B981C3 second address: B981F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD9B5237076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD9B523707Bh 0x00000016 jmp 00007FD9B5237087h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B981F6 second address: B98207 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD9B4D7BADBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B987A0 second address: B987AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B987AB second address: B987B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B987B1 second address: B987B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98A6C second address: B98A70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98A70 second address: B98A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FD9B5237085h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98A90 second address: B98A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98DA7 second address: B98DB3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD9B5237076h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98DB3 second address: B98DBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98DBB second address: B98DBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B98DBF second address: B98DC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99385 second address: B99389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99654 second address: B99659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99659 second address: B9966C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B523707Dh 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9966C second address: B99670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99CA7 second address: B99CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B523707Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99CB5 second address: B99CBF instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD9B4D7BAD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99CBF second address: B99CD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FD9B5237076h 0x0000000e jne 00007FD9B5237076h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B99CD3 second address: B99CD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B9F5F2 second address: B9F60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 je 00007FD9B523708Ch 0x0000000e jo 00007FD9B523707Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA0BCC second address: BA0BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B4D7BADEh 0x00000009 jmp 00007FD9B4D7BADFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA3C96 second address: BA3C9F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA3F47 second address: BA3F64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA3F64 second address: BA3F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA43B5 second address: BA43B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA47F4 second address: BA4802 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FD9B5237076h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA4802 second address: BA4806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BA4806 second address: BA482A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD9B5237076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jp 00007FD9B5237076h 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 jmp 00007FD9B523707Ch 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BABBA0 second address: BABBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BABBA4 second address: BABBBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FD9B5237082h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAC193 second address: BAC198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAC340 second address: BAC35F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD9B5237076h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007FD9B5237080h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAC35F second address: BAC38B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD9B4D7BAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007FD9B4D7BADAh 0x00000010 jmp 00007FD9B4D7BAE0h 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BACA1D second address: BACA2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAD38D second address: BAD3A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007FD9B4D7BAD6h 0x0000000d jmp 00007FD9B4D7BADCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAF81A second address: BAF821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAF821 second address: BAF826 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAF826 second address: BAF859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007FD9B5237083h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007FD9B523708Eh 0x00000014 pushad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 ja 00007FD9B5237076h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f popad 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB4CAA second address: BB4CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB4E65 second address: BB4E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB4FC2 second address: BB4FC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB4FC6 second address: BB4FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB4FCC second address: BB501A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD9B4D7BAF4h 0x00000008 pushad 0x00000009 je 00007FD9B4D7BAD6h 0x0000000f jmp 00007FD9B4D7BAE9h 0x00000014 jno 00007FD9B4D7BAD6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB501A second address: BB502A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jl 00007FD9B523707Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB502A second address: BB505E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jmp 00007FD9B4D7BAE6h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jmp 00007FD9B4D7BAE5h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB505E second address: BB5068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC0FA3 second address: BC0FB0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD9B4D7BAD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC0FB0 second address: BC0FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC0FB6 second address: BC0FD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD9B4D7BAE2h 0x00000009 jns 00007FD9B4D7BAD6h 0x0000000f popad 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC0FD8 second address: BC0FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC3AC1 second address: BC3AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCB62F second address: BCB63A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jc 00007FD9B5237076h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCA23F second address: BCA247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCA247 second address: BCA251 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD9B5237076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCA251 second address: BCA267 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE1h 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDA90B second address: BDA90F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDA90F second address: BDA92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD9B4D7BAE5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDA92A second address: BDA94C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD9B5237088h 0x00000009 jnc 00007FD9B5237076h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDA94C second address: BDA963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDA963 second address: BDA977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FD9B5237076h 0x0000000e jne 00007FD9B5237076h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDA977 second address: BDA97B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDAAD9 second address: BDAAFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jmp 00007FD9B523707Fh 0x0000000e pop edi 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDAAFA second address: BDAB0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD9B4D7BAE0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB19E second address: BDB1AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB1AD second address: BDB1B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 98DCEC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B499B2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B22B57 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: BBAF55 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4D50000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4DF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 6DF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0098E10B rdtsc 0_2_0098E10B
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\file.exe TID: 7472 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5BF23 GetSystemInfo,VirtualAlloc, 0_2_00B5BF23
Source: file.exe, file.exe, 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0098E10B rdtsc 0_2_0098E10B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0098B91D LdrInitializeThunk, 0_2_0098B91D
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, file.exe, 00000000.00000002.1867267355.0000000000B01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: AProgram Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5881B GetSystemTime,GetFileTime, 0_2_00B5881B

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos