Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1533002
MD5: 8e7b1277f59e4026ab6f51465fac3a86
SHA1: f5b35e55ce77e8d3272a8643084927e5fbdf6d7f
SHA256: 2b827e1a195301d413885981ca553b38570d8d79488a2f57b573580dc7420496
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D96373 CryptVerifySignatureA, 0_2_00D96373
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1829564623.0000000004950000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmp

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCED19 0_2_00BCED19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0AD66 0_2_00C0AD66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C78D7F 0_2_00C78D7F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C36D79 0_2_00C36D79
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBED1B 0_2_00CBED1B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C72D15 0_2_00C72D15
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5AD1C 0_2_00C5AD1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C06D1D 0_2_00C06D1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C24D1D 0_2_00C24D1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0AD24 0_2_00D0AD24
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D08EC8 0_2_00D08EC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C80EE3 0_2_00C80EE3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC6E8C 0_2_00BC6E8C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB6EF8 0_2_00CB6EF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C12EFA 0_2_00C12EFA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CEAEF5 0_2_00CEAEF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD4E8D 0_2_00CD4E8D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFAE88 0_2_00CFAE88
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9EE83 0_2_00C9EE83
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE4E9C 0_2_00CE4E9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2AE9E 0_2_00C2AE9E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7AEA0 0_2_00C7AEA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9AEBB 0_2_00C9AEBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D02E52 0_2_00D02E52
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BECE39 0_2_00BECE39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7CE54 0_2_00C7CE54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C74E67 0_2_00C74E67
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB0E0B 0_2_00CB0E0B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C18E00 0_2_00C18E00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C00E0C 0_2_00C00E0C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C46E11 0_2_00C46E11
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8AE13 0_2_00C8AE13
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD2E59 0_2_00BD2E59
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C52E37 0_2_00C52E37
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CEEE32 0_2_00CEEE32
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC2E31 0_2_00CC2E31
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CFC0 0_2_00C8CFC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C40FCF 0_2_00C40FCF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD4FA5 0_2_00BD4FA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAAFD2 0_2_00CAAFD2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEEFA7 0_2_00BEEFA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5EFDC 0_2_00C5EFDC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9CFEB 0_2_00C9CFEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C64FE1 0_2_00C64FE1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCEFF8 0_2_00CCEFF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D14F96 0_2_00D14F96
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CACF81 0_2_00CACF81
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86F87 0_2_00C86F87
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC8FEA 0_2_00BC8FEA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE8F97 0_2_00CE8F97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C34FA4 0_2_00C34FA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCCFA3 0_2_00CCCFA3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C84FBE 0_2_00C84FBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C92FB2 0_2_00C92FB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB4F46 0_2_00CB4F46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C66F50 0_2_00C66F50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF8F1E 0_2_00BF8F1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1CF6D 0_2_00C1CF6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBAF65 0_2_00CBAF65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C96F1D 0_2_00C96F1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE6F19 0_2_00CE6F19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD6F62 0_2_00BD6F62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD8F57 0_2_00BD8F57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C98F3B 0_2_00C98F3B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE4F46 0_2_00BE4F46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C88F33 0_2_00C88F33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEAF43 0_2_00BEAF43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC70C9 0_2_00CC70C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C650D2 0_2_00C650D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C370DC 0_2_00C370DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCD09D 0_2_00BCD09D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C510FC 0_2_00C510FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3B08B 0_2_00C3B08B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC909F 0_2_00CC909F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3D0A8 0_2_00C3D0A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE5041 0_2_00CE5041
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDD059 0_2_00CDD059
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDD01D 0_2_00BDD01D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF506E 0_2_00CF506E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C09065 0_2_00C09065
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC1065 0_2_00CC1065
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA7065 0_2_00CA7065
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2507B 0_2_00C2507B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA9009 0_2_00CA9009
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7700A 0_2_00C7700A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C95006 0_2_00C95006
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0D00F 0_2_00D0D00F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4D02D 0_2_00C4D02D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBF1CC 0_2_00CBF1CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C191CA 0_2_00C191CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD1A6 0_2_00BFD1A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD51D4 0_2_00CD51D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE51A4 0_2_00BE51A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D131CB 0_2_00D131CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDF19E 0_2_00BDF19E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDD1E4 0_2_00CDD1E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C751F7 0_2_00C751F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA51F3 0_2_00CA51F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEB1FF 0_2_00BEB1FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0B197 0_2_00D0B197
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C07188 0_2_00C07188
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0518A 0_2_00C0518A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0F19D 0_2_00D0F19D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C23191 0_2_00C23191
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6F195 0_2_00C6F195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4519D 0_2_00C4519D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1118C 0_2_00D1118C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF71AA 0_2_00CF71AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C571BB 0_2_00C571BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6D141 0_2_00C6D141
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00D91368 appears 35 times
Source: file.exe, 00000000.00000002.1963035376.0000000000BB6000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: olubeyjy ZLIB complexity 0.9949934627283441
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1762816 > 1048576
Source: file.exe Static PE information: Raw size of olubeyjy is bigger than: 0x100000 < 0x1a8400
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.1829564623.0000000004950000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1963017578.0000000000BB2000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.bb0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;olubeyjy:EW;nxtyhpgw:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1af23e should be: 0x1bb868
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: olubeyjy
Source: file.exe Static PE information: section name: nxtyhpgw
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.794995507460187
Source: file.exe Static PE information: section name: olubeyjy entropy: 7.953111192474588

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D60053 second address: D60058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D60058 second address: D60064 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FEAD9B2A9F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D60064 second address: D60068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D60327 second address: D6032C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6032C second address: D60351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 jnl 00007FEAD881CEF6h 0x0000000e jmp 00007FEAD881CF05h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6362C second address: D63631 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63631 second address: D63679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007FEAD881CF00h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007FEAD881CF08h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push edx 0x0000001a pushad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push edi 0x0000001e pop edi 0x0000001f popad 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push edi 0x0000002a pop edi 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63679 second address: D63687 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2A9FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63687 second address: D6368D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6C434 second address: D6C43D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6B871 second address: D6B87B instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD881CEF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6B87B second address: D6B889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6BB38 second address: D6BB49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FEAD881CEF6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6BF62 second address: D6BF66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6BF66 second address: D6BF72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6BF72 second address: D6BF78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6BF78 second address: D6BF7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6C0BB second address: D6C0E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FEAD9B2A9FCh 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FEAD9B2AA04h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FEAD9B2A9FCh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6C2BA second address: D6C2BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D30E second address: D6D331 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D331 second address: D6D337 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D337 second address: D6D33C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D33C second address: D6D34B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D34B second address: D6D39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007FEAD9B2A9FFh 0x0000000c popad 0x0000000d mov eax, dword ptr [eax] 0x0000000f jns 00007FEAD9B2AA00h 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 jmp 00007FEAD9B2A9FAh 0x0000001e pop eax 0x0000001f xor si, AD61h 0x00000024 mov edi, dword ptr [ebp+122D29B0h] 0x0000002a push 662797E2h 0x0000002f push eax 0x00000030 push edx 0x00000031 jc 00007FEAD9B2A9F8h 0x00000037 push eax 0x00000038 pop eax 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D828 second address: D6D82C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D82C second address: D6D830 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6D830 second address: D6D836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6E0EA second address: D6E107 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FEAD9B2AA03h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6E300 second address: D6E32A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jns 00007FEAD881CEF6h 0x00000011 jmp 00007FEAD881CF08h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6E4EE second address: D6E4F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D70EE5 second address: D70EEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D70C78 second address: D70C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D70EEB second address: D70EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D723E5 second address: D723F3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEAD9B2A9F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D72BB9 second address: D72BBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D73840 second address: D73844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D72BBD second address: D72BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FEAD881CEFEh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D73844 second address: D73848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D73848 second address: D7384E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7384E second address: D73858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FEAD9B2A9F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3424E second address: D34255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7AB8F second address: D7AB93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D79D67 second address: D79D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7ACA0 second address: D7AD26 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEAD9B2AA05h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push dword ptr fs:[00000000h] 0x00000014 mov edi, dword ptr [ebp+122D2229h] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007FEAD9B2A9F8h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 00000015h 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b jnc 00007FEAD9B2A9FCh 0x00000041 mov eax, dword ptr [ebp+122D0425h] 0x00000047 movzx ebx, bx 0x0000004a push FFFFFFFFh 0x0000004c mov ebx, dword ptr [ebp+122D2307h] 0x00000052 nop 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FEAD9B2AA09h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7DB88 second address: D7DB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7F7FB second address: D7F7FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7DB8C second address: D7DBA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF05h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7F7FF second address: D7F81B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7F81B second address: D7F8A5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEAD881CF0Ah 0x00000008 jmp 00007FEAD881CF04h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007FEAD881CEF8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+122D2CE4h] 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FEAD881CEF8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000018h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 mov di, 0250h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jc 00007FEAD881CF08h 0x0000005d jmp 00007FEAD881CF02h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7FA05 second address: D7FA09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7FA09 second address: D7FA0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D84AC6 second address: D84ACA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D85C2D second address: D85C37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D83BA7 second address: D83BBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FEAD9B2A9FFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D85C37 second address: D85CA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CEFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov bx, BDC7h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007FEAD881CEF8h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c mov ebx, 24725CA4h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007FEAD881CEF8h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d push eax 0x0000004e push ebx 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D84C8A second address: D84CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 nop 0x00000007 sbb bx, D9A0h 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov ebx, dword ptr [ebp+122D2AC4h] 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 xor dword ptr [ebp+124676B4h], eax 0x00000026 mov eax, dword ptr [ebp+122D066Dh] 0x0000002c jmp 00007FEAD9B2A9FDh 0x00000031 push FFFFFFFFh 0x00000033 add dword ptr [ebp+122D1B17h], ecx 0x00000039 nop 0x0000003a jc 00007FEAD9B2AA0Dh 0x00000040 jg 00007FEAD9B2AA07h 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D84CF0 second address: D84CF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D84CF4 second address: D84CFA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87B79 second address: D87B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87B7F second address: D87BCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push edx 0x00000009 call 00007FEAD9B2A9F8h 0x0000000e pop edx 0x0000000f mov dword ptr [esp+04h], edx 0x00000013 add dword ptr [esp+04h], 00000015h 0x0000001b inc edx 0x0000001c push edx 0x0000001d ret 0x0000001e pop edx 0x0000001f ret 0x00000020 push 00000000h 0x00000022 mov dword ptr [ebp+122D18D4h], edx 0x00000028 push 00000000h 0x0000002a mov edi, dword ptr [ebp+1247C097h] 0x00000030 xchg eax, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FEAD9B2AA08h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87BCF second address: D87BE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CEFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87BE2 second address: D87C02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87C02 second address: D87C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FEAD881CEF6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D86EB9 second address: D86EDF instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEAD9B2AA08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FEAD9B2A9F6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D86EDF second address: D86EE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87D6F second address: D87D79 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEAD9B2A9FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D88D62 second address: D88D67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D88D67 second address: D88D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FEAD9B2A9F6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 jc 00007FEAD9B2A9F6h 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D88D7F second address: D88D85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8B828 second address: D8B834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FEAD9B2A9F6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8B834 second address: D8B847 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jng 00007FEAD881CEF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8B847 second address: D8B857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD9B2A9FAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8B857 second address: D8B85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8B85C second address: D8B878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FEAD9B2A9FFh 0x0000000a jne 00007FEAD9B2A9F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8E3EF second address: D8E3F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8E3F5 second address: D8E3F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D21E26 second address: D21E42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEAD881CF07h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D238F8 second address: D23906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FEAD9B2A9F8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D23906 second address: D2390E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2390E second address: D23912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9B130 second address: D9B134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9B134 second address: D9B161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FEAD9B2AA07h 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FEAD9B2A9F6h 0x00000015 jne 00007FEAD9B2A9F6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAAC1C second address: DAAC20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAAC20 second address: DAAC28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAAC28 second address: DAAC2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAAC2C second address: DAAC35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAAC35 second address: DAAC59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEAD881CF09h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAAC59 second address: DAAC5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAAC5D second address: DAAC65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA98A4 second address: DA98B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FEAD9B2A9F6h 0x0000000d jbe 00007FEAD9B2A9F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF363F second address: DF3647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF3647 second address: DF364B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF3BA4 second address: DF3BA9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF3D09 second address: DF3D0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF3D0E second address: DF3D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEAD9B2AA08h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF3D2D second address: DF3D5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF03h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007FEAD881CEF6h 0x0000001c je 00007FEAD881CEF6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DFCAF6 second address: DFCAFB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DFCE0A second address: DFCE10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E152F8 second address: E15320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007FEAD9B2A9F6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c jmp 00007FEAD9B2AA05h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13E58 second address: E13E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13E62 second address: E13E66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1CE2D second address: E1CE31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1CC85 second address: E1CC89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1CC89 second address: E1CC99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FEAD881CEFEh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F373 second address: E1F37F instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEAD9B2A9F6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F37F second address: E1F39B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FEAD881CF06h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F39B second address: E1F39F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F210 second address: E1F21A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F21A second address: E1F21E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F21E second address: E1F222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F222 second address: E1F235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FEAD9B2A9F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F235 second address: E1F23C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D25310 second address: D25316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2914C second address: E29155 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E29155 second address: E2915A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E27B27 second address: E27B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jl 00007FEAD881CEF6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E27B37 second address: E27B54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FEAD9B2A9F6h 0x0000000d jmp 00007FEAD9B2AA00h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E27B54 second address: E27B5E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEAD881CEF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E27E54 second address: E27E68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FEAD9B2A9F6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jc 00007FEAD9B2A9FCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E28205 second address: E28209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E28209 second address: E28250 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEAD9B2AA06h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FEAD9B2AA01h 0x00000011 jmp 00007FEAD9B2AA07h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E283B5 second address: E283BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E283BA second address: E283C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FEAD9B2A9F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E283C6 second address: E283CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E283CF second address: E283D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E283D3 second address: E283ED instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD881CEF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007FEAD881CF21h 0x00000012 push eax 0x00000013 push edx 0x00000014 jp 00007FEAD881CEF6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E283ED second address: E283F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E28E98 second address: E28E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E28E9D second address: E28EA8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E28EA8 second address: E28EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FEAD881CEF6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FEAD881CEFEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E28EC7 second address: E28ED8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FEAD9B2A9F6h 0x00000009 jns 00007FEAD9B2A9F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2CE7E second address: E2CE82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E43F68 second address: E43FA0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD9B2A9F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FEAD9B2AA00h 0x00000010 jmp 00007FEAD9B2AA07h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E43FA0 second address: E43FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E43FA4 second address: E43FB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD9B2AA01h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E46803 second address: E4680D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E95F second address: E4E97C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 jmp 00007FEAD9B2AA04h 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E97C second address: E4E986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEAD881CEF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4DC72 second address: E4DC78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4DC78 second address: E4DC7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4DDBD second address: E4DDC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4DDC3 second address: E4DDCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4DDCF second address: E4DDDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FEAD9B2A9F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4DDDE second address: E4DDE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E1E1 second address: E4E1E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E348 second address: E4E356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD881CEFAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E4B6 second address: E4E4C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEAD9B2A9FAh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E4C7 second address: E4E4DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CEFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E4DA second address: E4E4DF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E4DF second address: E4E4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FEAD881CF05h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E67C second address: E4E681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E681 second address: E4E687 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E687 second address: E4E694 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4E694 second address: E4E69A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5A750 second address: E5A779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEAD9B2A9FDh 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEAD9B2AA04h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E51C17 second address: E51C1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E51C1B second address: E51C29 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEAD9B2A9F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E51C29 second address: E51C88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push ecx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jnc 00007FEAD881CEF6h 0x00000011 pop ecx 0x00000012 jbe 00007FEAD881CF08h 0x00000018 pushad 0x00000019 jmp 00007FEAD881CF04h 0x0000001e jmp 00007FEAD881CF00h 0x00000023 jmp 00007FEAD881CEFEh 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E51C88 second address: E51C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jns 00007FEAD9B2A9F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E51E2E second address: E51E61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FEAD881CEFAh 0x0000000a jp 00007FEAD881CEF8h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FEAD881CF02h 0x00000017 popad 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jns 00007FEAD881CEF6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E51E61 second address: E51E65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E52FFE second address: E53041 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEAD881CF09h 0x00000007 jmp 00007FEAD881CEFEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007FEAD881CEFCh 0x00000016 js 00007FEAD881CEF6h 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f jne 00007FEAD881CEF6h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E53041 second address: E53072 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEAD9B2AA09h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007FEAD9B2AA01h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FEAD9B2A9FEh 0x00000016 jo 00007FEAD9B2A9F6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D702B2 second address: D702B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D7776D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DFE7EF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4C60000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4DC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC28FA rdtsc 0_2_00BC28FA
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 7444 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9E13C GetSystemInfo,VirtualAlloc, 0_2_00D9E13C
Source: file.exe, file.exe, 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC28FA rdtsc 0_2_00BC28FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBB909 LdrInitializeThunk,VirtualProtect, 0_2_00BBB909
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, file.exe, 00000000.00000002.1963053544.0000000000D44000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: &Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D954B5 GetSystemTime,GetFileTime, 0_2_00D954B5

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos