Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1532901
MD5: a024a8a076c6f3f2ee6dd97c51cd72a8
SHA1: 1c995e44fae09f8f711a16bb6b26fae957eb1706
SHA256: ffe3772fdb21678a4614b824fb3f2018eee8fad7d9358063b5d0538a0e043685
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to detect virtual machines (SIDT)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: file.exe Virustotal: Detection: 58% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044F94E CryptVerifySignatureA, 0_2_0044F94E
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1249315037.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382235599.0000000000262000.00000040.00000001.01000000.00000003.sdmp

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B019 0_2_0040B019
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00280168 0_2_00280168
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002B61AA 0_2_002B61AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E61D2 0_2_003E61D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002BC264 0_2_002BC264
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0031A262 0_2_0031A262
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003463AC 0_2_003463AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DF471 0_2_003DF471
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003375E3 0_2_003375E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0027F7E5 0_2_0027F7E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E984F 0_2_003E984F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D88DB 0_2_003D88DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E2B4C 0_2_003E2B4C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D6D6D 0_2_003D6D6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040CD9A 0_2_0040CD9A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040CDA8 0_2_0040CDA8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040CF45 0_2_0040CF45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040CF58 0_2_0040CF58
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00441F05 0_2_00441F05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DBF74 0_2_003DBF74
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040CF3C 0_2_0040CF3C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A0F9D 0_2_003A0F9D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040AFFE 0_2_0040AFFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E0FDA 0_2_003E0FDA
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0044A943 appears 35 times
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000000.1241348839.0000000000266000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: dxnzjtng ZLIB complexity 0.9950414023310711
Source: file.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log Jump to behavior
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe Virustotal: Detection: 58%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: file.exe Static file information: File size 1760256 > 1048576
Source: file.exe Static PE information: Raw size of dxnzjtng is bigger than: 0x100000 < 0x1a7a00
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1249315037.0000000004A20000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382235599.0000000000262000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.260000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dxnzjtng:EW;bnjbabth:EW;.taggant:EW; vs :ER;.rsrc:W;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1b1df1 should be: 0x1ae20f
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: dxnzjtng
Source: file.exe Static PE information: section name: bnjbabth
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FE11B push 2E83766Eh; mov dword ptr [esp], edx 0_2_003FF345
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004006E4 push ebx; mov dword ptr [esp], ebp 0_2_00402BD7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004006E4 push 4F9C368Ch; mov dword ptr [esp], edx 0_2_00402BF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00402043 push 40DEF415h; mov dword ptr [esp], esp 0_2_00403113
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FF01B push edx; mov dword ptr [esp], esi 0_2_0040183A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FF01B push 6AB3CA60h; mov dword ptr [esp], edi 0_2_00401842
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00405074 push eax; mov dword ptr [esp], 75FBD99Ch 0_2_0040507F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FE002 push ecx; mov dword ptr [esp], ebp 0_2_00400BBA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FE06F push edi; mov dword ptr [esp], esi 0_2_00402215
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B019 push 63908730h; mov dword ptr [esp], ecx 0_2_0040B044
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B019 push esi; mov dword ptr [esp], eax 0_2_0040B05C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B019 push 25F19B49h; mov dword ptr [esp], ebp 0_2_0040B09B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B019 push 55ABFE58h; mov dword ptr [esp], eax 0_2_0040B16A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003F2063 push 34CC181Eh; mov dword ptr [esp], ecx 0_2_003F20AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D0C6 push 2BC2AC8Ch; mov dword ptr [esp], edx 0_2_0040D147
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D0C6 push 52BE33A0h; mov dword ptr [esp], esi 0_2_0040D1E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D0C6 push 1D19D1B1h; mov dword ptr [esp], edi 0_2_0040D22F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D0D0 push 2BC2AC8Ch; mov dword ptr [esp], edx 0_2_0040D147
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D0D0 push 52BE33A0h; mov dword ptr [esp], esi 0_2_0040D1E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040D0D0 push 1D19D1B1h; mov dword ptr [esp], edi 0_2_0040D22F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004060FB push ebp; ret 0_2_0040610A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049608E push edi; mov dword ptr [esp], 5F9B3F9Dh 0_2_0049610C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049608E push edx; mov dword ptr [esp], edi 0_2_0049617C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049608E push esi; mov dword ptr [esp], esp 0_2_0049619B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049608E push 0EDF082Eh; mov dword ptr [esp], edi 0_2_004961DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049608E push ecx; mov dword ptr [esp], eax 0_2_00496229
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FF0F7 push eax; mov dword ptr [esp], 49817010h 0_2_0040122E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FF0F7 push eax; mov dword ptr [esp], edx 0_2_004021BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040608B push ecx; ret 0_2_0040609A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040508E push 3C92231Ah; mov dword ptr [esp], esi 0_2_004050B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C6099 push ebp; mov dword ptr [esp], esp 0_2_004C60F1
Source: file.exe Static PE information: section name: entropy: 7.745521434288489
Source: file.exe Static PE information: section name: dxnzjtng entropy: 7.9537812643556745

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F1D9D second address: 3F1DA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F1DA1 second address: 3F1DF1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007FC0786FEE62h 0x00000010 push ecx 0x00000011 jg 00007FC0786FEE56h 0x00000017 jmp 00007FC0786FEE64h 0x0000001c pop ecx 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FC0786FEE65h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F0E06 second address: 3F0E0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F0E0A second address: 3F0E0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F1091 second address: 3F10AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC078863605h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F10AC second address: 3F10B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F10B0 second address: 3F10BA instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC0788635F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F10BA second address: 3F10E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC0786FEE5Eh 0x0000000d jmp 00007FC0786FEE68h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F10E8 second address: 3F10EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F1258 second address: 3F125C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F125C second address: 3F1267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F1267 second address: 3F128C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jg 00007FC0786FEE56h 0x0000000e jmp 00007FC0786FEE5Fh 0x00000013 js 00007FC0786FEE56h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F466B second address: 3F46E8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC0788635F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b js 00007FC0788635F6h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 popad 0x00000015 pop eax 0x00000016 js 00007FC078863602h 0x0000001c jg 00007FC0788635FCh 0x00000022 push 00000003h 0x00000024 cmc 0x00000025 call 00007FC0788635FEh 0x0000002a call 00007FC078863606h 0x0000002f mov cl, 4Eh 0x00000031 pop edx 0x00000032 pop ecx 0x00000033 push 00000000h 0x00000035 push 00000003h 0x00000037 mov edx, dword ptr [ebp+122D2BFDh] 0x0000003d call 00007FC0788635F9h 0x00000042 pushad 0x00000043 push esi 0x00000044 jng 00007FC0788635F6h 0x0000004a pop esi 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FC0788635FCh 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F46E8 second address: 3F4704 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FC0786FEE56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F4704 second address: 3F471D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ebx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 pop ebx 0x00000013 mov eax, dword ptr [eax] 0x00000015 push esi 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F471D second address: 3F473D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE5Ah 0x00000009 popad 0x0000000a pop esi 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC0786FEE5Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F473D second address: 3F4791 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC0788635F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b adc edi, 39F256DAh 0x00000011 lea ebx, dword ptr [ebp+1245A4E9h] 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007FC0788635F8h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 mov dl, ch 0x00000033 mov esi, dword ptr [ebp+122D1FF0h] 0x00000039 mov dh, ah 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FC0788635FFh 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F47D2 second address: 3F48A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ecx, dword ptr [ebp+122D2BE5h] 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 jmp 00007FC0786FEE67h 0x0000001a pop edx 0x0000001b call 00007FC0786FEE59h 0x00000020 jmp 00007FC0786FEE5Ch 0x00000025 push eax 0x00000026 push ecx 0x00000027 jmp 00007FC0786FEE5Bh 0x0000002c pop ecx 0x0000002d mov eax, dword ptr [esp+04h] 0x00000031 push edx 0x00000032 js 00007FC0786FEE58h 0x00000038 pushad 0x00000039 popad 0x0000003a pop edx 0x0000003b mov eax, dword ptr [eax] 0x0000003d jmp 00007FC0786FEE64h 0x00000042 mov dword ptr [esp+04h], eax 0x00000046 jns 00007FC0786FEE5Eh 0x0000004c pop eax 0x0000004d mov ch, bh 0x0000004f push 00000003h 0x00000051 push 00000000h 0x00000053 mov cl, bl 0x00000055 push 00000003h 0x00000057 cmc 0x00000058 and edx, 4EB87BDEh 0x0000005e call 00007FC0786FEE59h 0x00000063 jc 00007FC0786FEE5Eh 0x00000069 push esi 0x0000006a jbe 00007FC0786FEE56h 0x00000070 pop esi 0x00000071 push eax 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007FC0786FEE62h 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F48A8 second address: 3F48AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F48AC second address: 3F48EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FC0786FEE6Dh 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push ebx 0x00000012 pushad 0x00000013 jmp 00007FC0786FEE67h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F48EF second address: 3F4900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [eax] 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FC0788635F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F4900 second address: 3F4987 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jg 00007FC0786FEE68h 0x00000014 pop eax 0x00000015 jmp 00007FC0786FEE69h 0x0000001a lea ebx, dword ptr [ebp+1245A4F2h] 0x00000020 movzx esi, bx 0x00000023 xchg eax, ebx 0x00000024 jmp 00007FC0786FEE69h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FC0786FEE5Dh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3F4987 second address: 3F498D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4061E8 second address: 406202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC0786FEE61h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4139C5 second address: 4139C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 413B18 second address: 413B28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FC0786FEE56h 0x0000000a ja 00007FC0786FEE56h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 413B28 second address: 413B43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC078863601h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4140CB second address: 4140DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FC0786FEE56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FC0786FEE56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4140DF second address: 4140E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4140E3 second address: 4140FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE64h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4140FD second address: 414103 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 414103 second address: 414107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 414107 second address: 41410B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 414400 second address: 414418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC0786FEE61h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 414418 second address: 41441D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 414831 second address: 414836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 414C64 second address: 414C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 415266 second address: 41526A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 41526A second address: 415298 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC078863606h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007FC078863600h 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 415298 second address: 4152B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE61h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 41570E second address: 415712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 415A9C second address: 415AA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 415AA2 second address: 415AA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 415AA6 second address: 415AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007FC0786FEE56h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 415AB8 second address: 415ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 417017 second address: 417043 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007FC0786FEE5Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC0786FEE68h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 417043 second address: 417047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3E4288 second address: 3E4291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 419543 second address: 419547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 419547 second address: 41954B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 41954B second address: 419551 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 419711 second address: 419715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 41865F second address: 418663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 420BFD second address: 420C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 420D62 second address: 420D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 420E98 second address: 420E9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 420E9C second address: 420EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4211D8 second address: 4211DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4211DC second address: 4211E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42209C second address: 4220B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007FC0786FEE5Dh 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 422251 second address: 422257 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42298C second address: 422992 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 422992 second address: 4229CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC078863609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebx 0x0000000e xor esi, dword ptr [ebp+122D1ED0h] 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC0788635FEh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4229CD second address: 4229D3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4229D3 second address: 4229DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC0788635F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 422E0B second address: 422E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 422F8D second address: 422FBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC078863601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC078863606h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42355D second address: 42356A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FC0786FEE56h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42356A second address: 423577 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 423577 second address: 42357B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 424007 second address: 42400D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 425095 second address: 4250B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE66h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4250B0 second address: 4250BA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC0788635FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4250BA second address: 42514A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FC0786FEE5Dh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FC0786FEE58h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007FC0786FEE58h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 jmp 00007FC0786FEE5Ah 0x0000004a xchg eax, ebx 0x0000004b jnc 00007FC0786FEE5Ah 0x00000051 push eax 0x00000052 pushad 0x00000053 pushad 0x00000054 jmp 00007FC0786FEE63h 0x00000059 push esi 0x0000005a pop esi 0x0000005b popad 0x0000005c jbe 00007FC0786FEE5Ch 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42654F second address: 4265A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007FC0788635F6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FC0788635F8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007FC0788635F8h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 add dword ptr [ebp+122D3552h], ebx 0x0000004d push eax 0x0000004e pushad 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4265A8 second address: 4265B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC0786FEE56h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4265B7 second address: 4265BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4270E4 second address: 42715E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c jmp 00007FC0786FEE63h 0x00000011 sub di, F316h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007FC0786FEE58h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007FC0786FEE58h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 0000001Bh 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e and esi, dword ptr [ebp+122D3986h] 0x00000054 xchg eax, ebx 0x00000055 push edx 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 426E4E second address: 426E57 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 426E57 second address: 426E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007FC0786FEE5Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 426E6D second address: 426E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 427AAE second address: 427ADE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC0786FEE67h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 427ADE second address: 427AE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC0788635F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4286C6 second address: 4286D0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC0786FEE5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4286D0 second address: 4286F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007FC078863609h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4286F6 second address: 4286FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3E2652 second address: 3E265B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3E265B second address: 3E2663 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3E2663 second address: 3E2692 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC0788635FEh 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007FC0788635F8h 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007FC0788635FFh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42DABA second address: 42DAC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FC0786FEE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42E067 second address: 42E0FD instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC0788635F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007FC0788635F8h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 mov ebx, dword ptr [ebp+122D2B9Dh] 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007FC0788635F8h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 movsx ebx, cx 0x0000004b mov edi, 64169719h 0x00000050 push 00000000h 0x00000052 push 00000000h 0x00000054 push edi 0x00000055 call 00007FC0788635F8h 0x0000005a pop edi 0x0000005b mov dword ptr [esp+04h], edi 0x0000005f add dword ptr [esp+04h], 0000001Ch 0x00000067 inc edi 0x00000068 push edi 0x00000069 ret 0x0000006a pop edi 0x0000006b ret 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007FC078863607h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42E255 second address: 42E259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42F0AD second address: 42F0E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FC078863609h 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f jc 00007FC07886360Ch 0x00000015 pushad 0x00000016 jmp 00007FC0788635FEh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42FE6A second address: 42FF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC0786FEE69h 0x0000000a popad 0x0000000b push eax 0x0000000c push edi 0x0000000d jno 00007FC0786FEE5Ch 0x00000013 pop edi 0x00000014 nop 0x00000015 mov edi, 678660D7h 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007FC0786FEE58h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 0000001Bh 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 mov edi, ebx 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebp 0x0000003d call 00007FC0786FEE58h 0x00000042 pop ebp 0x00000043 mov dword ptr [esp+04h], ebp 0x00000047 add dword ptr [esp+04h], 0000001Ah 0x0000004f inc ebp 0x00000050 push ebp 0x00000051 ret 0x00000052 pop ebp 0x00000053 ret 0x00000054 jng 00007FC0786FEE67h 0x0000005a jmp 00007FC0786FEE61h 0x0000005f jp 00007FC0786FEE5Ch 0x00000065 mov ebx, dword ptr [ebp+122D26F4h] 0x0000006b push eax 0x0000006c pushad 0x0000006d jnl 00007FC0786FEE58h 0x00000073 push eax 0x00000074 push edx 0x00000075 jnl 00007FC0786FEE56h 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42FF1E second address: 42FF22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 431E2C second address: 431E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC0786FEE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4334A4 second address: 433515 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jbe 00007FC0788635FCh 0x00000011 mov edi, dword ptr [ebp+122D2C85h] 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007FC0788635F8h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 mov bx, cx 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007FC0788635F8h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 0000001Dh 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 movsx edi, dx 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4325EB second address: 4325F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 433515 second address: 43351A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43351A second address: 433521 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4369B4 second address: 4369CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC078863602h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4369CB second address: 436A3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FC0786FEE5Ch 0x00000011 pop edx 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007FC0786FEE58h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f mov bh, dh 0x00000031 push 00000000h 0x00000033 mov ebx, dword ptr [ebp+122D2B49h] 0x00000039 xchg eax, esi 0x0000003a jl 00007FC0786FEE5Eh 0x00000040 ja 00007FC0786FEE58h 0x00000046 push eax 0x00000047 pushad 0x00000048 push ebx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 436A3A second address: 436A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FC0788635F6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 435B8F second address: 435B94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 435B94 second address: 435B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 438B21 second address: 438B34 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC0786FEE58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 438B34 second address: 438B3A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 437C50 second address: 437C61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 437C61 second address: 437C6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FC0788635F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 437C6B second address: 437C7D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 437C7D second address: 437C81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 437C81 second address: 437D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FC0786FEE58h 0x0000000c popad 0x0000000d nop 0x0000000e push dword ptr fs:[00000000h] 0x00000015 sub edi, 6BF57880h 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push edi 0x00000025 call 00007FC0786FEE58h 0x0000002a pop edi 0x0000002b mov dword ptr [esp+04h], edi 0x0000002f add dword ptr [esp+04h], 00000019h 0x00000037 inc edi 0x00000038 push edi 0x00000039 ret 0x0000003a pop edi 0x0000003b ret 0x0000003c mov edi, dword ptr [ebp+122D29F5h] 0x00000042 mov eax, dword ptr [ebp+122D1461h] 0x00000048 push 00000000h 0x0000004a push edx 0x0000004b call 00007FC0786FEE58h 0x00000050 pop edx 0x00000051 mov dword ptr [esp+04h], edx 0x00000055 add dword ptr [esp+04h], 00000014h 0x0000005d inc edx 0x0000005e push edx 0x0000005f ret 0x00000060 pop edx 0x00000061 ret 0x00000062 push FFFFFFFFh 0x00000064 je 00007FC0786FEE5Eh 0x0000006a jc 00007FC0786FEE58h 0x00000070 push eax 0x00000071 pop ebx 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007FC0786FEE5Eh 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43AC55 second address: 43AC59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43BC83 second address: 43BCF9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC0786FEE6Fh 0x00000008 jmp 00007FC0786FEE69h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007FC0786FEE58h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c sbb ebx, 092C4676h 0x00000032 push 00000000h 0x00000034 sub dword ptr [ebp+122D1E4Ah], esi 0x0000003a xchg eax, esi 0x0000003b jmp 00007FC0786FEE69h 0x00000040 push eax 0x00000041 push edi 0x00000042 push eax 0x00000043 push edx 0x00000044 jc 00007FC0786FEE56h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 439DBD second address: 439DC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 439DC3 second address: 439DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 439EDA second address: 439EDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 438C93 second address: 438CA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 438CA7 second address: 438CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43BDFB second address: 43BE01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43BEB0 second address: 43BEB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43BEB4 second address: 43BEBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43BEBE second address: 43BEC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43BEC2 second address: 43BEE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC0786FEE64h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43DCC3 second address: 43DD7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0788635FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007FC0788635FCh 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 jmp 00007FC078863601h 0x00000017 jns 00007FC0788635F8h 0x0000001d popad 0x0000001e nop 0x0000001f mov bx, 649Bh 0x00000023 push dword ptr fs:[00000000h] 0x0000002a jp 00007FC0788635FEh 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 jno 00007FC0788635FCh 0x0000003d pushad 0x0000003e je 00007FC0788635FCh 0x00000044 sub edx, dword ptr [ebp+122D2BE1h] 0x0000004a mov dword ptr [ebp+1245CBE7h], edx 0x00000050 popad 0x00000051 mov eax, dword ptr [ebp+122D14E5h] 0x00000057 movzx edi, dx 0x0000005a push FFFFFFFFh 0x0000005c push 00000000h 0x0000005e push edi 0x0000005f call 00007FC0788635F8h 0x00000064 pop edi 0x00000065 mov dword ptr [esp+04h], edi 0x00000069 add dword ptr [esp+04h], 00000014h 0x00000071 inc edi 0x00000072 push edi 0x00000073 ret 0x00000074 pop edi 0x00000075 ret 0x00000076 jmp 00007FC0788635FBh 0x0000007b push ebx 0x0000007c mov ebx, dword ptr [ebp+122D3474h] 0x00000082 pop edi 0x00000083 nop 0x00000084 push esi 0x00000085 pushad 0x00000086 push eax 0x00000087 push edx 0x00000088 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43DD7B second address: 43DD9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE61h 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FC0786FEE58h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43FAE6 second address: 43FAF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FC0788635F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43EE49 second address: 43EE4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 441C21 second address: 441C33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC0788635FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3DEF87 second address: 3DEFAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 jng 00007FC0786FEE62h 0x0000000c jnc 00007FC0786FEE56h 0x00000012 jnl 00007FC0786FEE56h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a jl 00007FC0786FEE8Ah 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3DEFAA second address: 3DEFB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43FDCC second address: 43FDD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43FDD0 second address: 43FDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43FDD6 second address: 43FDDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 43FDDC second address: 43FDE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 448294 second address: 44829C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 448413 second address: 448454 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FC078863604h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 push edx 0x00000013 jc 00007FC0788635F6h 0x00000019 jmp 00007FC078863604h 0x0000001e pop edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 448454 second address: 448458 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 458FA5 second address: 458FB4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 459076 second address: 45908E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE63h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 459196 second address: 4591E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 jmp 00007FC078863608h 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 jnc 00007FC0788635F8h 0x00000016 push edx 0x00000017 jmp 00007FC078863608h 0x0000001c pop edx 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4591E3 second address: 26DAE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jmp 00007FC0786FEE60h 0x00000010 pop eax 0x00000011 clc 0x00000012 push dword ptr [ebp+122D06E5h] 0x00000018 cmc 0x00000019 call dword ptr [ebp+122D2827h] 0x0000001f pushad 0x00000020 pushad 0x00000021 and ecx, 26D131E1h 0x00000027 jmp 00007FC0786FEE5Ch 0x0000002c popad 0x0000002d xor eax, eax 0x0000002f mov dword ptr [ebp+122D378Eh], edi 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 xor dword ptr [ebp+122D272Eh], ebx 0x0000003f mov dword ptr [ebp+122D297Dh], eax 0x00000045 sub dword ptr [ebp+122D272Eh], ebx 0x0000004b mov esi, 0000003Ch 0x00000050 mov dword ptr [ebp+122D272Eh], esi 0x00000056 add esi, dword ptr [esp+24h] 0x0000005a cld 0x0000005b lodsw 0x0000005d jo 00007FC0786FEE57h 0x00000063 cmc 0x00000064 clc 0x00000065 add eax, dword ptr [esp+24h] 0x00000069 sub dword ptr [ebp+122D272Eh], esi 0x0000006f mov ebx, dword ptr [esp+24h] 0x00000073 xor dword ptr [ebp+122D272Eh], ecx 0x00000079 push eax 0x0000007a push eax 0x0000007b push edx 0x0000007c jmp 00007FC0786FEE64h 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3D9F1F second address: 3D9F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3D9F25 second address: 3D9F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3D9F29 second address: 3D9F38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0788635FBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D15E second address: 45D166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D166 second address: 45D16B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D16B second address: 45D171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D171 second address: 45D17D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC0788635F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D17D second address: 45D195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jng 00007FC0786FEE5Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D195 second address: 45D19F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC0788635F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D19F second address: 45D1BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FC0786FEE5Eh 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D336 second address: 45D33A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D33A second address: 45D36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC0786FEE63h 0x0000000b jmp 00007FC0786FEE5Fh 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 pop eax 0x00000015 push edi 0x00000016 pop edi 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D36E second address: 45D372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D372 second address: 45D37C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC0786FEE56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D37C second address: 45D38B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jng 00007FC0788635F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D4DD second address: 45D4E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D4E5 second address: 45D4EF instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC0788635FEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 45D607 second address: 45D60C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4611F0 second address: 4611F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4611F4 second address: 461208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE5Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461208 second address: 46121B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC0788635FFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46121B second address: 46124C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC0786FEE64h 0x0000000d jmp 00007FC0786FEE65h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 429890 second address: 4298B6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC0788635F8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dx, B945h 0x00000013 lea eax, dword ptr [ebp+1248F595h] 0x00000019 mov dl, BAh 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f jl 00007FC0788635F6h 0x00000025 pop ecx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4298B6 second address: 4298D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FC0786FEE5Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4298D7 second address: 4298DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4299A7 second address: 4299B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC0786FEE5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 429E3F second address: 26DAE1 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC0788635F8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov edi, 19A57015h 0x00000014 jne 00007FC078863600h 0x0000001a push dword ptr [ebp+122D06E5h] 0x00000020 cld 0x00000021 call dword ptr [ebp+122D2827h] 0x00000027 pushad 0x00000028 pushad 0x00000029 and ecx, 26D131E1h 0x0000002f jmp 00007FC0788635FCh 0x00000034 popad 0x00000035 xor eax, eax 0x00000037 mov dword ptr [ebp+122D378Eh], edi 0x0000003d mov edx, dword ptr [esp+28h] 0x00000041 xor dword ptr [ebp+122D272Eh], ebx 0x00000047 mov dword ptr [ebp+122D297Dh], eax 0x0000004d sub dword ptr [ebp+122D272Eh], ebx 0x00000053 mov esi, 0000003Ch 0x00000058 mov dword ptr [ebp+122D272Eh], esi 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 cld 0x00000063 lodsw 0x00000065 jo 00007FC0788635F7h 0x0000006b cmc 0x0000006c clc 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 sub dword ptr [ebp+122D272Eh], esi 0x00000077 mov ebx, dword ptr [esp+24h] 0x0000007b xor dword ptr [ebp+122D272Eh], ecx 0x00000081 push eax 0x00000082 push eax 0x00000083 push edx 0x00000084 jmp 00007FC078863604h 0x00000089 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 429EF0 second address: 429F25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jc 00007FC0786FEE5Eh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007FC0786FEE62h 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c push esi 0x0000001d push esi 0x0000001e pop esi 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 429F25 second address: 429F36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC0788635FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 429F36 second address: 429F60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jmp 00007FC0786FEE5Eh 0x00000010 pop eax 0x00000011 sub edx, 54BE11BDh 0x00000017 push 477BE50Ch 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 429F60 second address: 429F64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42A0EE second address: 42A0F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42A242 second address: 42A24C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC0788635F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42A7B0 second address: 42A811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 jno 00007FC0786FEE58h 0x0000000e pop ecx 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007FC0786FEE58h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a push 0000001Eh 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007FC0786FEE58h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 00000019h 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007FC0786FEE5Bh 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42A811 second address: 42A822 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0788635FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42A953 second address: 42A962 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42AB17 second address: 42AB7D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FC0788635FEh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FC078863605h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push esi 0x00000016 pushad 0x00000017 jmp 00007FC078863602h 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f pop esi 0x00000020 mov eax, dword ptr [eax] 0x00000022 push eax 0x00000023 jmp 00007FC0788635FEh 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d push eax 0x0000002e push edx 0x0000002f jc 00007FC0788635FCh 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 42AB7D second address: 42AB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461539 second address: 461544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC0788635F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461681 second address: 46168E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461842 second address: 461851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461851 second address: 461855 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461855 second address: 46185B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46185B second address: 461871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007FC0786FEE56h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4619A4 second address: 4619A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4619A8 second address: 4619AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461B04 second address: 461B15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FC0788635F6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461B15 second address: 461B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461DDB second address: 461E00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push edi 0x00000008 pop edi 0x00000009 popad 0x0000000a push edi 0x0000000b push esi 0x0000000c pop esi 0x0000000d ja 00007FC0788635F6h 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC0788635FAh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461E00 second address: 461E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461F6D second address: 461F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC0788635F6h 0x0000000a js 00007FC0788635F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461F7F second address: 461F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 461F88 second address: 461F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 468B8C second address: 468B96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC0786FEE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 468B96 second address: 468BA0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC0788635F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 467C9B second address: 467CA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC0786FEE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 467E01 second address: 467E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46824D second address: 468270 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC0786FEE60h 0x00000009 jmp 00007FC0786FEE5Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4683EA second address: 4683EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 468655 second address: 46866C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE5Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4673C0 second address: 4673C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4673C9 second address: 4673F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC0786FEE56h 0x0000000a popad 0x0000000b popad 0x0000000c jc 00007FC0786FEE7Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 jmp 00007FC0786FEE64h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46FC34 second address: 46FC38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46FC38 second address: 46FC3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46FC3E second address: 46FC52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC0788635FBh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46EC53 second address: 46EC5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46EC5B second address: 46EC69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FC0788635F6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46EC69 second address: 46EC92 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FC0786FEE63h 0x00000010 jl 00007FC0786FEE56h 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46EF52 second address: 46EF69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC078863600h 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F0A7 second address: 46F0C8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FC0786FEE5Dh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC0786FEE5Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F67D second address: 46F683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F683 second address: 46F689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F689 second address: 46F692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F692 second address: 46F697 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F697 second address: 46F69F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F69F second address: 46F6A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F96C second address: 46F972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 46F972 second address: 46F97E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 472804 second address: 472812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 je 00007FC0788635F6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 472812 second address: 472818 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4768F8 second address: 4768FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4768FF second address: 476904 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 476904 second address: 47690F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 479848 second address: 479854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FC0786FEE56h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 479854 second address: 479858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 479858 second address: 47985E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 47985E second address: 47986F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FC0788635F6h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4793F6 second address: 47940B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 47940B second address: 479415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC0788635F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4831EB second address: 4831FD instructions: 0x00000000 rdtsc 0x00000002 je 00007FC0786FEE5Ch 0x00000008 jng 00007FC0786FEE56h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4831FD second address: 483203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 483203 second address: 483207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 481BC9 second address: 481BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 481BCF second address: 481BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 481D17 second address: 481D1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 481D1D second address: 481D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 481D27 second address: 481D2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 481D2D second address: 481D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop esi 0x0000000d jne 00007FC0786FEE62h 0x00000013 jno 00007FC0786FEE56h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 481D48 second address: 481D4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 48206C second address: 482072 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482072 second address: 482086 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 jne 00007FC078863602h 0x0000000c js 00007FC0788635F6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4824BB second address: 4824CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC0786FEE56h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4824CC second address: 4824D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4824D0 second address: 482506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 js 00007FC0786FEE56h 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 jmp 00007FC0786FEE67h 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482EA8 second address: 482EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482EAC second address: 482EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482EB2 second address: 482EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FC0788635F8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482EC0 second address: 482ED6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC0786FEE62h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482ED6 second address: 482EDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482EDA second address: 482EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 482EE0 second address: 482EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485FDF second address: 485FE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485FE3 second address: 485FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 ja 00007FC0788635F6h 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485FF3 second address: 485FF8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4857F4 second address: 4857F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485932 second address: 485971 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b je 00007FC0786FEE56h 0x00000011 jns 00007FC0786FEE56h 0x00000017 pop ecx 0x00000018 jmp 00007FC0786FEE65h 0x0000001d popad 0x0000001e pushad 0x0000001f jbe 00007FC0786FEE5Ch 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485971 second address: 485977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485D31 second address: 485D3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC0786FEE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485D3B second address: 485D5D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FC0788635FCh 0x0000000c pop esi 0x0000000d push edx 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jl 00007FC0788635F6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 485D5D second address: 485D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 489FC9 second address: 489FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 489251 second address: 48929A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE5Eh 0x00000009 popad 0x0000000a push edi 0x0000000b push esi 0x0000000c pop esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edi 0x00000010 popad 0x00000011 pushad 0x00000012 je 00007FC0786FEE5Ah 0x00000018 jmp 00007FC0786FEE61h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FC0786FEE61h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 489522 second address: 48952A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 48952A second address: 489539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FC0786FEE5Ah 0x0000000b push esi 0x0000000c pop esi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 489539 second address: 489545 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 489545 second address: 489549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 48987F second address: 489887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 489887 second address: 4898EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC0786FEE66h 0x0000000a jp 00007FC0786FEE5Ch 0x00000010 jl 00007FC0786FEE58h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a jnp 00007FC0786FEE7Eh 0x00000020 jmp 00007FC0786FEE66h 0x00000025 jmp 00007FC0786FEE62h 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4898EA second address: 4898EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 49121F second address: 491240 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push edx 0x0000000c jo 00007FC0786FEE5Ch 0x00000012 jo 00007FC0786FEE56h 0x00000018 push edi 0x00000019 jnp 00007FC0786FEE56h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 48F570 second address: 48F57F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jnc 00007FC0788635F6h 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490A11 second address: 490A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490A15 second address: 490A19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490A19 second address: 490A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC0786FEE5Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490A2E second address: 490A32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490F36 second address: 490F3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490F3A second address: 490F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490F44 second address: 490F5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC0786FEE5Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490F5E second address: 490F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490F62 second address: 490F6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490F6C second address: 490F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 490F70 second address: 490F74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A371E second address: 4A3731 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC0788635F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3731 second address: 4A3735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A3735 second address: 4A3755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0788635FAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007FC0788635FCh 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A191C second address: 4A1921 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A1921 second address: 4A1934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a jnl 00007FC0788635F6h 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A1934 second address: 4A193D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A1D77 second address: 4A1D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A205F second address: 4A2074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FC0786FEE5Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A2074 second address: 4A2087 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC0788635F6h 0x00000008 jng 00007FC0788635F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A24A4 second address: 4A24A9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A24A9 second address: 4A24B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jng 00007FC078863607h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A2615 second address: 4A261A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A261A second address: 4A2624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FC0788635F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A2624 second address: 4A2646 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jns 00007FC0786FEE56h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A2646 second address: 4A267D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FC078863607h 0x0000000e jmp 00007FC0788635FCh 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 jnp 00007FC0788635F6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A267D second address: 4A2686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A2686 second address: 4A268A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A27DA second address: 4A2803 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE5Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FC0786FEE63h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A2803 second address: 4A2807 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A74DB second address: 4A74E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A74E1 second address: 4A74E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3D690A second address: 3D6916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE836 second address: 4AE85C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 jp 00007FC0788635F6h 0x0000000b pop edi 0x0000000c push ebx 0x0000000d push esi 0x0000000e pop esi 0x0000000f jmp 00007FC0788635FFh 0x00000014 pop ebx 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE85C second address: 4AE866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC0786FEE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE866 second address: 4AE874 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FC0788635F6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE874 second address: 4AE878 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE878 second address: 4AE89D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FC0788635F6h 0x0000000d jmp 00007FC078863601h 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE89D second address: 4AE8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE8A3 second address: 4AE8A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AE9E7 second address: 4AEA0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FC0786FEE65h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AEA0A second address: 4AEA14 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC078863602h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AEB37 second address: 4AEB46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jnp 00007FC0786FEE56h 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B03F6 second address: 4B03FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B03FE second address: 4B041C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC0786FEE56h 0x0000000a popad 0x0000000b jng 00007FC0786FEE5Ah 0x00000011 push esi 0x00000012 pop esi 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 jns 00007FC0786FEE56h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B041C second address: 4B0422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BD7F8 second address: 4BD802 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BD802 second address: 4BD80B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BD342 second address: 4BD354 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C0A9E second address: 4C0AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C0AA3 second address: 4C0AA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C5270 second address: 4C5277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D4B15 second address: 4D4B20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC0786FEE56h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D4B20 second address: 4D4B41 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC078863609h 0x00000008 jmp 00007FC078863603h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D4C8A second address: 4D4CA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE64h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D50D8 second address: 4D5107 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0788635FCh 0x00000007 jmp 00007FC078863608h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D5107 second address: 4D510B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D510B second address: 4D510F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D510F second address: 4D5115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 3DBA41 second address: 3DBA49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F05FE second address: 4F0626 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0786FEE5Ch 0x00000007 jbe 00007FC0786FEE56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC0786FEE5Eh 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F454C second address: 4F4560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC0788635FBh 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F4560 second address: 4F456A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FB887 second address: 4FB8A1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007FC0788635F6h 0x00000009 jmp 00007FC0788635FDh 0x0000000e pop esi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FBD00 second address: 4FBD29 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007FC0786FEE56h 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jg 00007FC0786FEE56h 0x00000017 je 00007FC0786FEE56h 0x0000001d jmp 00007FC0786FEE5Bh 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FBD29 second address: 4FBD35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FBE70 second address: 4FBE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FC0786FEE60h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FC02F second address: 4FC03F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0788635FAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FC03F second address: 4FC044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FC1BB second address: 4FC1F2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jno 00007FC0788635F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007FC0788635FBh 0x00000014 popad 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FC078863607h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FC1F2 second address: 4FC20C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC0786FEE5Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c js 00007FC0786FEE56h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FC20C second address: 4FC211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FC211 second address: 4FC216 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FC216 second address: 4FC22F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC078863603h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF373 second address: 4FF39A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 je 00007FC0786FEE70h 0x0000000d jmp 00007FC0786FEE68h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF39A second address: 4FF39F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF39F second address: 4FF3B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0786FEE5Eh 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50490A second address: 50491E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC078863600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50491E second address: 504928 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FC0786FEE56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 506171 second address: 506185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC0788635FDh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 500980 second address: 500986 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF567 second address: 4FF590 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007FC0788635F6h 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push edi 0x00000013 jmp 00007FC078863601h 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF6FB second address: 4FF709 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC0786FEE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF709 second address: 4FF713 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC0788635F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF713 second address: 4FF73D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jl 00007FC0786FEE56h 0x0000000b jnc 00007FC0786FEE56h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 jnc 00007FC0786FEE56h 0x0000001f jmp 00007FC0786FEE5Ah 0x00000024 pop edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 424A9F second address: 424AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 424AA5 second address: 424AA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 26DB19 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 26DA86 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 429A30 instructions caused by: Self-modifying code
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4C20000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4E10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4C20000 memory reserve | memory write watch Jump to behavior
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B019 rdtsc 0_2_0040B019
Contains functionality to detect virtual machines (SIDT)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004071CC sidt fword ptr [esp-02h] 0_2_004071CC
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 5416 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00452CCF GetSystemInfo,VirtualAlloc, 0_2_00452CCF
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.1382268852.00000000003FC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1382268852.00000000003FC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040B019 rdtsc 0_2_0040B019
Enables debug privileges
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.1382268852.00000000003FC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044EA90 GetSystemTime,GetFileTime, 0_2_0044EA90

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Disable Windows Defender notifications (registry)
Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1 Jump to behavior
Disable Windows Defender real time protection (registry)
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1 Jump to behavior
Disables Windows Defender Tamper protection
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0 Jump to behavior
Modifies windows update settings
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1532901 Sample: file.exe Startdate: 14/10/2024 Architecture: WINDOWS Score: 100 11 Antivirus / Scanner detection for submitted sample 2->11 13 Multi AV Scanner detection for submitted file 2->13 15 Machine Learning detection for sample 2->15 17 2 other signatures 2->17 5 file.exe 9 1 2->5         started        process3 file4 9 C:\Users\user\AppData\Local\...\file.exe.log, CSV 5->9 dropped 19 Detected unpacking (changes PE section rights) 5->19 21 Tries to detect sandboxes and other dynamic analysis tools (window names) 5->21 23 Modifies windows update settings 5->23 25 8 other signatures 5->25 signatures5
No contacted IP infos