Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1533035
MD5: b98ffed8586d28233c812bd2e9c4f1f2
SHA1: 7198dfb80f47bb34c9f74a54454478dfc8cab2f8
SHA256: d32cabe55f2ab4e97c167d948a9999e0a8f5ef3c49f9c3005240669e11a5cd75
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: file.exe Virustotal: Detection: 55% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEF324 CryptVerifySignatureA, 0_2_00BEF324
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2118475854.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmp

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 0_2_00ADF0A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B050BB 0_2_00B050BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6F0BA 0_2_00B6F0BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2E0A4 0_2_00B2E0A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 0_2_00B8B0A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A930B3 0_2_00A930B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB308E 0_2_00AB308E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3308F 0_2_00A3308F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2909D 0_2_00B2909D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B59085 0_2_00B59085
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B72082 0_2_00B72082
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE8098 0_2_00AE8098
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3809F 0_2_00A3809F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD3090 0_2_00AD3090
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0A0F0 0_2_00B0A0F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5E0EC 0_2_00A5E0EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B580E6 0_2_00B580E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADC0F9 0_2_00ADC0F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B420E3 0_2_00B420E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A460FE 0_2_00A460FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6B0E9 0_2_00B6B0E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2B0DF 0_2_00B2B0DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B550DB 0_2_00B550DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA60C5 0_2_00AA60C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A870DD 0_2_00A870DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B860CF 0_2_00B860CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2F0DE 0_2_00A2F0DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4E020 0_2_00A4E020
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A57021 0_2_00A57021
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1E034 0_2_00B1E034
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC102A 0_2_00AC102A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A99024 0_2_00A99024
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A92027 0_2_00A92027
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4C022 0_2_00B4C022
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9C033 0_2_00A9C033
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A89033 0_2_00A89033
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B53029 0_2_00B53029
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A70039 0_2_00A70039
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9F009 0_2_00A9F009
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2E001 0_2_00A2E001
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACA008 0_2_00ACA008
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3201D 0_2_00B3201D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0101F 0_2_00B0101F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A37011 0_2_00A37011
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A23011 0_2_00A23011
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFC01B 0_2_00AFC01B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B36009 0_2_00B36009
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A52018 0_2_00A52018
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9006A 0_2_00A9006A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3C077 0_2_00B3C077
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB8062 0_2_00AB8062
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE5079 0_2_00AE5079
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B79069 0_2_00B79069
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2107C 0_2_00A2107C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A36041 0_2_00A36041
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF104A 0_2_00AF104A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE2044 0_2_00AE2044
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B39059 0_2_00B39059
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6004A 0_2_00A6004A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A47049 0_2_00A47049
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4305A 0_2_00B4305A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1A053 0_2_00A1A053
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE305D 0_2_00AE305D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABD05E 0_2_00ABD05E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE705B 0_2_00AE705B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6C1B2 0_2_00B6C1B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAC1AF 0_2_00AAC1AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B7A1BD 0_2_00B7A1BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A421AF 0_2_00A421AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B331B8 0_2_00B331B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6E1BA 0_2_00A6E1BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABA1B6 0_2_00ABA1B6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA418A 0_2_00AA418A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A72186 0_2_00A72186
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFE18C 0_2_00AFE18C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B14195 0_2_00B14195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A40181 0_2_00A40181
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3B195 0_2_00B3B195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2619A 0_2_00B2619A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF9183 0_2_00AF9183
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B18184 0_2_00B18184
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A43192 0_2_00A43192
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9D195 0_2_00A9D195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE1190 0_2_00AE1190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9E1EB 0_2_00A9E1EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B611FB 0_2_00B611FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABB1E4 0_2_00ABB1E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B171E5 0_2_00B171E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA51FC 0_2_00AA51FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5F1F9 0_2_00A5F1F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADD1CB 0_2_00ADD1CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6E1D0 0_2_00B6E1D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B061DC 0_2_00B061DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B161C1 0_2_00B161C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B491C4 0_2_00B491C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A851DC 0_2_00A851DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B68136 0_2_00B68136
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB7128 0_2_00AB7128
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4F122 0_2_00A4F122
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4B132 0_2_00A4B132
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF8131 0_2_00AF8131
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8E10C 0_2_00A8E10C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6B100 0_2_00A6B100
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7E10E 0_2_00A7E10E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD0104 0_2_00AD0104
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D103 0_2_00A8D103
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD111A 0_2_00AD111A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6811C 0_2_00A6811C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3710F 0_2_00B3710F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6D176 0_2_00B6D176
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B22175 0_2_00B22175
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAB162 0_2_00AAB162
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AED167 0_2_00AED167
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4717E 0_2_00B4717E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADB161 0_2_00ADB161
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC8163 0_2_00AC8163
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6A172 0_2_00A6A172
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1A166 0_2_00B1A166
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A18179 0_2_00A18179
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8C171 0_2_00A8C171
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3A16D 0_2_00B3A16D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAA148 0_2_00AAA148
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7914D 0_2_00A7914D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A20149 0_2_00A20149
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABF147 0_2_00ABF147
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEA158 0_2_00AEA158
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5F142 0_2_00B5F142
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC7155 0_2_00AC7155
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4A14D 0_2_00B4A14D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A98153 0_2_00A98153
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A302A2 0_2_00A302A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4B2B7 0_2_00B4B2B7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9A2BA 0_2_00A9A2BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACC2BA 0_2_00ACC2BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2D2B5 0_2_00A2D2B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5E2AC 0_2_00B5E2AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A56287 0_2_00A56287
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A71293 0_2_00A71293
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B15288 0_2_00B15288
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A96294 0_2_00A96294
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A452E7 0_2_00A452E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB02E8 0_2_00AB02E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A392E6 0_2_00A392E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3F2E5 0_2_00A3F2E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B122F7 0_2_00B122F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B252F8 0_2_00B252F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A402E8 0_2_00A402E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B442E0 0_2_00B442E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B702E1 0_2_00B702E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B092E7 0_2_00B092E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1F2F9 0_2_00A1F2F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2F2E8 0_2_00B2F2E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A372FC 0_2_00A372FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6A2D4 0_2_00B6A2D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A492C2 0_2_00A492C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A552CD 0_2_00A552CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC92DB 0_2_00AC92DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3D220 0_2_00A3D220
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD8228 0_2_00AD8228
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B51233 0_2_00B51233
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5A23C 0_2_00B5A23C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFA225 0_2_00AFA225
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0B23B 0_2_00B0B23B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B07222 0_2_00B07222
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA9233 0_2_00AA9233
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4822F 0_2_00B4822F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4A239 0_2_00A4A239
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB220A 0_2_00AB220A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB920A 0_2_00AB920A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD320B 0_2_00AD320B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A75208 0_2_00A75208
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2A212 0_2_00A2A212
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACB21F 0_2_00ACB21F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A41212 0_2_00A41212
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8821E 0_2_00A8821E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFB266 0_2_00AFB266
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A26269 0_2_00A26269
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A53274 0_2_00A53274
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A67277 0_2_00A67277
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B54267 0_2_00B54267
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFF275 0_2_00AFF275
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7927B 0_2_00A7927B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8124B 0_2_00A8124B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5D24C 0_2_00A5D24C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7C248 0_2_00A7C248
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D253 0_2_00A8D253
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A803AB 0_2_00A803AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACF3A4 0_2_00ACF3A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B7F3B9 0_2_00B7F3B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEB3BD 0_2_00AEB3BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5A3B3 0_2_00A5A3B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A823B2 0_2_00A823B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A193BA 0_2_00A193BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0E396 0_2_00B0E396
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B60390 0_2_00B60390
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A38384 0_2_00A38384
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5238E 0_2_00A5238E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6938A 0_2_00A6938A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1639C 0_2_00B1639C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A99387 0_2_00A99387
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A66392 0_2_00A66392
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A36398 0_2_00A36398
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC5397 0_2_00AC5397
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4D389 0_2_00B4D389
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2E3EB 0_2_00A2E3EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC13E2 0_2_00AC13E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B713E3 0_2_00B713E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2E3E9 0_2_00B2E3E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABD3F6 0_2_00ABD3F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B623D6 0_2_00B623D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABB3C6 0_2_00ABB3C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD53DD 0_2_00AD53DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAD329 0_2_00AAD329
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B49331 0_2_00B49331
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD230F 0_2_00AD230F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF3301 0_2_00AF3301
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4E317 0_2_00A4E317
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B68300 0_2_00B68300
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF6317 0_2_00AF6317
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1930B 0_2_00B1930B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE9315 0_2_00AE9315
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2730E 0_2_00B2730E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAF36A 0_2_00AAF36A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB2368 0_2_00AB2368
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B66375 0_2_00B66375
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6236C 0_2_00A6236C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEC37D 0_2_00AEC37D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0F368 0_2_00B0F368
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A44348 0_2_00A44348
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D352 0_2_00A6D352
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8E35C 0_2_00A8E35C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5634A 0_2_00B5634A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF84AD 0_2_00AF84AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAE4AC 0_2_00AAE4AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6E4BC 0_2_00B6E4BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4C4BB 0_2_00B4C4BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC24B8 0_2_00AC24B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACB4B6 0_2_00ACB4B6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD64B1 0_2_00AD64B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A704BA 0_2_00A704BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4E492 0_2_00B4E492
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A90481 0_2_00A90481
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5848A 0_2_00A5848A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4F484 0_2_00B4F484
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B57488 0_2_00B57488
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB1495 0_2_00AB1495
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B214F3 0_2_00B214F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A994EA 0_2_00A994EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A564E0 0_2_00A564E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A614E0 0_2_00A614E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B204F4 0_2_00B204F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B354FF 0_2_00B354FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3E4EE 0_2_00A3E4EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D4E8 0_2_00A6D4E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACA4FC 0_2_00ACA4FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B584E1 0_2_00B584E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA74C9 0_2_00AA74C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8A4D5 0_2_00B8A4D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1E4DE 0_2_00B1E4DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B044C1 0_2_00B044C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF44DB 0_2_00AF44DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A514D3 0_2_00A514D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2B432 0_2_00B2B432
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A86429 0_2_00A86429
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFF42D 0_2_00AFF42D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9C424 0_2_00A9C424
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2D43F 0_2_00B2D43F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A22430 0_2_00A22430
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B01424 0_2_00B01424
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B68416 0_2_00B68416
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2A40A 0_2_00B2A40A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2C419 0_2_00A2C419
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC0410 0_2_00AC0410
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B7340B 0_2_00B7340B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFC46D 0_2_00AFC46D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4D461 0_2_00A4D461
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4B46C 0_2_00A4B46C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8A460 0_2_00A8A460
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB547A 0_2_00AB547A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B13460 0_2_00B13460
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0A465 0_2_00B0A465
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A97471 0_2_00A97471
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2846A 0_2_00B2846A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE2477 0_2_00AE2477
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6A44E 0_2_00A6A44E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6145F 0_2_00B6145F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9F442 0_2_00A9F442
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE7445 0_2_00AE7445
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2445D 0_2_00B2445D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA445B 0_2_00AA445B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEF459 0_2_00AEF459
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABF451 0_2_00ABF451
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5944E 0_2_00B5944E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3644E 0_2_00B3644E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE1450 0_2_00AE1450
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A565A6 0_2_00A565A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A495A1 0_2_00A495A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7E5AC 0_2_00A7E5AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5B5B1 0_2_00A5B5B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC95B8 0_2_00AC95B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADB5B8 0_2_00ADB5B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A645BE 0_2_00A645BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1B5BA 0_2_00A1B5BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B08591 0_2_00B08591
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5B596 0_2_00B5B596
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3E596 0_2_00B3E596
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6B593 0_2_00B6B593
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B14596 0_2_00B14596
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3A59B 0_2_00B3A59B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADD586 0_2_00ADD586
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC7582 0_2_00AC7582
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7B59C 0_2_00A7B59C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF0591 0_2_00AF0591
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A245E0 0_2_00A245E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A225E1 0_2_00A225E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B235F7 0_2_00B235F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A315E8 0_2_00A315E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF5E1 0_2_00ADF5E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA95E7 0_2_00AA95E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA25FA 0_2_00AA25FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD35FC 0_2_00AD35FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B445ED 0_2_00B445ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3D5D2 0_2_00B3D5D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1C5C6 0_2_00A1C5C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA85CD 0_2_00AA85CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5F5DF 0_2_00B5F5DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A725DF 0_2_00A725DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7C5D9 0_2_00A7C5D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B465CA 0_2_00B465CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0D533 0_2_00B0D533
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE5528 0_2_00AE5528
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA3523 0_2_00AA3523
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEE53E 0_2_00AEE53E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF750C 0_2_00AF750C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B15515 0_2_00B15515
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B41512 0_2_00B41512
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8C50F 0_2_00A8C50F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE0507 0_2_00AE0507
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAB500 0_2_00AAB500
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5A51B 0_2_00B5A51B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4A50B 0_2_00A4A50B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1A514 0_2_00A1A514
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4950F 0_2_00B4950F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2650C 0_2_00B2650C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5E574 0_2_00B5E574
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB956F 0_2_00AB956F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE856B 0_2_00AE856B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8956F 0_2_00A8956F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4757C 0_2_00B4757C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B09579 0_2_00B09579
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6A573 0_2_00A6A573
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B51560 0_2_00B51560
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB7577 0_2_00AB7577
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2256F 0_2_00B2256F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADC54E 0_2_00ADC54E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF154A 0_2_00AF154A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB055C 0_2_00AB055C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0C54A 0_2_00B0C54A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1A54E 0_2_00B1A54E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A816AC 0_2_00A816AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3B6AB 0_2_00A3B6AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACD6BC 0_2_00ACD6BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A786B0 0_2_00A786B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B52691 0_2_00B52691
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABD68C 0_2_00ABD68C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1F69D 0_2_00B1F69D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7F696 0_2_00A7F696
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B38680 0_2_00B38680
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA569F 0_2_00AA569F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A17699 0_2_00A17699
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4569F 0_2_00A4569F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB46EB 0_2_00AB46EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B486F2 0_2_00B486F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A396EB 0_2_00A396EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A886E2 0_2_00A886E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A946E3 0_2_00A946E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6B6EA 0_2_00A6B6EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC86E3 0_2_00AC86E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4B6E0 0_2_00B4B6E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFA6F9 0_2_00AFA6F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A566F8 0_2_00A566F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A976F6 0_2_00A976F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A186C0 0_2_00A186C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A166C4 0_2_00A166C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B546DD 0_2_00B546DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B066D9 0_2_00B066D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF96D4 0_2_00AF96D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9A6D4 0_2_00A9A6D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B04638 0_2_00B04638
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0B63C 0_2_00B0B63C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA6639 0_2_00AA6639
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1E603 0_2_00A1E603
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB8608 0_2_00AB8608
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1E616 0_2_00B1E616
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A54608 0_2_00A54608
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9E606 0_2_00A9E606
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5F617 0_2_00A5F617
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9B61D 0_2_00A9B61D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8B611 0_2_00A8B611
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5361B 0_2_00A5361B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8E67E 0_2_00B8E67E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4E674 0_2_00A4E674
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6E671 0_2_00A6E671
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0A669 0_2_00B0A669
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2B67E 0_2_00A2B67E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACE64D 0_2_00ACE64D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B70646 0_2_00B70646
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9565C 0_2_00A9565C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE9655 0_2_00AE9655
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4E7B7 0_2_00B4E7B7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A717A3 0_2_00A717A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8E7A0 0_2_00A8E7A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC37A5 0_2_00AC37A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE67A7 0_2_00AE67A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A377AE 0_2_00A377AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B177AC 0_2_00B177AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B007AE 0_2_00B007AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADA78D 0_2_00ADA78D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B23793 0_2_00B23793
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B27790 0_2_00B27790
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4278D 0_2_00A4278D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1978C 0_2_00B1978C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFF7EE 0_2_00AFF7EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B647F5 0_2_00B647F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1D7E5 0_2_00A1D7E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9B7E0 0_2_00A9B7E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B187FD 0_2_00B187FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4D7E9 0_2_00A4D7E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4B7F5 0_2_00A4B7F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC17FD 0_2_00AC17FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF27CC 0_2_00AF27CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3E7C7 0_2_00A3E7C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A267CB 0_2_00A267CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2D7CE 0_2_00A2D7CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A737CA 0_2_00A737CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF47C2 0_2_00AF47C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B317CB 0_2_00B317CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B627CC 0_2_00B627CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE07D5 0_2_00AE07D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3D7DC 0_2_00A3D7DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD2729 0_2_00AD2729
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF3728 0_2_00AF3728
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9673F 0_2_00A9673F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7673E 0_2_00A7673E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3472A 0_2_00B3472A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2C713 0_2_00B2C713
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC670E 0_2_00AC670E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2F710 0_2_00B2F710
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A29701 0_2_00A29701
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7771F 0_2_00A7771F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA0768 0_2_00AA0768
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8B778 0_2_00A8B778
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFD77F 0_2_00AFD77F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B37760 0_2_00B37760
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A50770 0_2_00A50770
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE1774 0_2_00AE1774
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0E76F 0_2_00B0E76F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A66746 0_2_00A66746
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A82748 0_2_00A82748
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B60755 0_2_00B60755
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B71754 0_2_00B71754
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABE741 0_2_00ABE741
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A32748 0_2_00A32748
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9C751 0_2_00A9C751
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6475D 0_2_00A6475D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A86753 0_2_00A86753
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A2E8B7 0_2_00A2E8B7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2B8AB 0_2_00B2B8AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B308AC 0_2_00B308AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC4889 0_2_00AC4889
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A7988E 0_2_00A7988E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3F89F 0_2_00A3F89F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA48EC 0_2_00AA48EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9F8E1 0_2_00A9F8E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A558EA 0_2_00A558EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8A8F9 0_2_00A8A8F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B428E6 0_2_00B428E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5E8FA 0_2_00A5E8FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACE8F3 0_2_00ACE8F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A1A8C0 0_2_00A1A8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD48CF 0_2_00AD48CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A198C5 0_2_00A198C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A728CE 0_2_00A728CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A348CC 0_2_00A348CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A448D7 0_2_00A448D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B408C0 0_2_00B408C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B2E8C4 0_2_00B2E8C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A218D5 0_2_00A218D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A708D9 0_2_00A708D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B348CD 0_2_00B348CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5D830 0_2_00B5D830
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B07838 0_2_00B07838
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6382B 0_2_00A6382B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB383E 0_2_00AB383E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3C82A 0_2_00B3C82A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5783E 0_2_00A5783E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC580D 0_2_00AC580D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6E814 0_2_00B6E814
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD9809 0_2_00AD9809
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8880F 0_2_00A8880F
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00BEA319 appears 35 times
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.2251749185.0000000000A06000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2251545737.000000000090E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: emyaprgj ZLIB complexity 0.9950791321784354
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log Jump to behavior
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe Virustotal: Detection: 55%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: file.exe Static file information: File size 1772544 > 1048576
Source: file.exe Static PE information: Raw size of emyaprgj is bigger than: 0x100000 < 0x1aaa00
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2118475854.0000000004BB0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2251732763.0000000000A02000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.a00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;emyaprgj:EW;wiqpbsfr:EW;.taggant:EW; vs :ER;.rsrc:W;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1bd03e should be: 0x1bc0a3
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: emyaprgj
Source: file.exe Static PE information: section name: wiqpbsfr
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A11990 push ecx; mov dword ptr [esp], esi 0_2_00A119A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A0EF70 push ebx; mov dword ptr [esp], eax 0_2_00A0F5F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A130AA push edi; mov dword ptr [esp], 76FB0B29h 0_2_00A1323A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], ebp 0_2_00ADF396
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push 2D0BD9D1h; mov dword ptr [esp], eax 0_2_00ADF3A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], edi 0_2_00ADF3BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push 183A62E3h; mov dword ptr [esp], esi 0_2_00ADF416
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push edi; mov dword ptr [esp], esp 0_2_00ADF422
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push 3B3FAE03h; mov dword ptr [esp], eax 0_2_00ADF433
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], edi 0_2_00ADF453
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push edx; mov dword ptr [esp], ecx 0_2_00ADF498
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push edi; mov dword ptr [esp], 6F616185h 0_2_00ADF547
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push 46AB80ABh; mov dword ptr [esp], ebx 0_2_00ADF584
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADF0A6 push eax; mov dword ptr [esp], 161E7B7Eh 0_2_00ADF58E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C810DF push 09F50D33h; mov dword ptr [esp], eax 0_2_00C81145
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push ebx; mov dword ptr [esp], esp 0_2_00B8B0D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push edi; mov dword ptr [esp], 69BAA2A4h 0_2_00B8B221
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], ecx 0_2_00B8B23C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push 463F73FDh; mov dword ptr [esp], eax 0_2_00B8B349
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push eax; mov dword ptr [esp], 16F07912h 0_2_00B8B3B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push edx; mov dword ptr [esp], 68DFB461h 0_2_00B8B3D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push 20507DB7h; mov dword ptr [esp], ebx 0_2_00B8B4BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], 70C92EC3h 0_2_00B8B536
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push 651C62C2h; mov dword ptr [esp], ebx 0_2_00B8B58D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push edi; mov dword ptr [esp], 3BFE5100h 0_2_00B8B59C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push esi; mov dword ptr [esp], eax 0_2_00B8B62B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push esi; mov dword ptr [esp], 7ADFF6FBh 0_2_00B8B630
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push ebx; mov dword ptr [esp], ebp 0_2_00B8B69B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], edx 0_2_00B8B69F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push ebp; mov dword ptr [esp], ecx 0_2_00B8B6D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B8B0A1 push 46479BD8h; mov dword ptr [esp], ebx 0_2_00B8B78A
Source: file.exe Static PE information: section name: entropy: 7.7321523141435
Source: file.exe Static PE information: section name: emyaprgj entropy: 7.954214251652952

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0E2D2 second address: A0E2F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C3552Dh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD698C3552Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B85BCE second address: B85BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B85BD4 second address: B85BD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B85BD8 second address: B85BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD698C2C8E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FD698C2C8ECh 0x00000015 jng 00007FD698C2C8E6h 0x0000001b popad 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B85BFE second address: B85C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B85C05 second address: B85C19 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD698C2C8EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B85C19 second address: B85C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C35532h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B93152 second address: B93157 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B932E6 second address: B932EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B932EE second address: B932F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B932F7 second address: B932FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B932FB second address: B9331A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96B15 second address: B96B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96B19 second address: B96B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96B1F second address: B96BBE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 65B43700h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007FD698C35528h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 push 00000003h 0x0000002b cld 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebp 0x00000031 call 00007FD698C35528h 0x00000036 pop ebp 0x00000037 mov dword ptr [esp+04h], ebp 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc ebp 0x00000044 push ebp 0x00000045 ret 0x00000046 pop ebp 0x00000047 ret 0x00000048 mov ecx, 221485F7h 0x0000004d push 00000003h 0x0000004f je 00007FD698C35528h 0x00000055 mov edi, edx 0x00000057 call 00007FD698C35529h 0x0000005c jmp 00007FD698C35530h 0x00000061 push eax 0x00000062 jmp 00007FD698C35530h 0x00000067 mov eax, dword ptr [esp+04h] 0x0000006b pushad 0x0000006c pushad 0x0000006d jnc 00007FD698C35526h 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96BBE second address: B96C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FD698C2C8ECh 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007FD698C2C8EBh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 jmp 00007FD698C2C8F6h 0x0000001d jg 00007FD698C2C8ECh 0x00000023 popad 0x00000024 pop eax 0x00000025 mov si, bx 0x00000028 mov cx, 32C0h 0x0000002c lea ebx, dword ptr [ebp+1245C8C7h] 0x00000032 mov di, dx 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b pushad 0x0000003c popad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96C1F second address: B96C24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96C24 second address: B96C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD698C2C8EDh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96C41 second address: B96C47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B96D0F second address: B96D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C2C8E6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD698C2C8F5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB577E second address: BB5784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB5784 second address: BB57A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push edx 0x00000007 jmp 00007FD698C2C8F7h 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB58D2 second address: BB58DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD698C35526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB58DC second address: BB58E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB58E0 second address: BB58F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD698C3552Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB5A25 second address: BB5A49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FD698C2C8FAh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB5B97 second address: BB5BAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD698C35532h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB5E3A second address: BB5E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8AC6E second address: B8AC76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB6DD2 second address: BB6DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BB6DD9 second address: BB6DE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BBAEC4 second address: BBAEC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BBB0CB second address: BBB0D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BBB0D1 second address: BBB0D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BBD243 second address: BBD25A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 jno 00007FD698C35526h 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7EF2A second address: B7EF37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FD698C2C8E6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC2215 second address: BC2275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD698C3552Ah 0x0000000c jmp 00007FD698C35539h 0x00000011 push eax 0x00000012 jmp 00007FD698C35537h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pop eax 0x0000001a popad 0x0000001b push edi 0x0000001c push edi 0x0000001d pushad 0x0000001e popad 0x0000001f pop edi 0x00000020 pushad 0x00000021 jmp 00007FD698C35533h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC17EA second address: BC17FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD698C2C8EBh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC17FE second address: BC1804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC1804 second address: BC1808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC1808 second address: BC1816 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC1816 second address: BC183B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FD698C2C8F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC183B second address: BC1853 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD698C35526h 0x00000008 ja 00007FD698C35526h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jl 00007FD698C35528h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC1853 second address: BC185F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jbe 00007FD698C2C8E6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC1964 second address: BC19AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD698C35526h 0x0000000a jmp 00007FD698C35538h 0x0000000f popad 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FD698C3552Ch 0x00000019 push esi 0x0000001a jmp 00007FD698C35532h 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC19AA second address: BC19B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8AC56 second address: B8AC5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B8AC5A second address: B8AC6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jl 00007FD698C2C8E6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC3837 second address: BC385F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Bh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FD698C35531h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC385F second address: BC3879 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD698C2C8EAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FD698C2C8EEh 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC4E3D second address: BC4E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FD698C3552Ch 0x00000012 jng 00007FD698C35526h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC4E55 second address: BC4E5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC5930 second address: BC5934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC5934 second address: BC5938 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC5A4C second address: BC5A56 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC5F76 second address: BC5FA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD698C2C8F0h 0x00000008 jmp 00007FD698C2C8F0h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 je 00007FD698C2C8E6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC5FA7 second address: BC5FB1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC6DA1 second address: BC6DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC6DA5 second address: BC6DAB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC806E second address: BC8091 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FD698C2C8E6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC8AD5 second address: BC8B34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007FD698C35528h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 mov edi, esi 0x00000028 jmp 00007FD698C35536h 0x0000002d push 00000000h 0x0000002f jmp 00007FD698C3552Ah 0x00000034 push 00000000h 0x00000036 xchg eax, ebx 0x00000037 pushad 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC92C9 second address: BC92CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC92CD second address: BC92D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCA013 second address: BCA067 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FD698C2C8E8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007FD698C2C8E8h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e mov edi, dword ptr [ebp+122D2A58h] 0x00000044 push 00000000h 0x00000046 xchg eax, ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 push esi 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BC92D3 second address: BC92DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD698C35526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCA067 second address: BCA06C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCA06C second address: BCA089 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FD698C35531h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCAB1D second address: BCABC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007FD698C2C8E8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 sbb si, 5771h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007FD698C2C8E8h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 0000001Ch 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 jnl 00007FD698C2C8ECh 0x0000004d xchg eax, ebx 0x0000004e push eax 0x0000004f pushad 0x00000050 jmp 00007FD698C2C8F2h 0x00000055 jmp 00007FD698C2C8F5h 0x0000005a popad 0x0000005b pop eax 0x0000005c push eax 0x0000005d jc 00007FD698C2C8EEh 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCB6DB second address: BCB6DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCB46E second address: BCB473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCB473 second address: BCB478 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCEE16 second address: BCEE1C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD0DC8 second address: BD0E29 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007FD698C35528h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push ecx 0x00000029 call 00007FD698C35528h 0x0000002e pop ecx 0x0000002f mov dword ptr [esp+04h], ecx 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc ecx 0x0000003c push ecx 0x0000003d ret 0x0000003e pop ecx 0x0000003f ret 0x00000040 push 00000000h 0x00000042 mov ebx, 34D6ADBEh 0x00000047 push eax 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007FD698C3552Ch 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD1DA7 second address: BD1DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD2D82 second address: BD2D86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD2D86 second address: BD2D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD3D43 second address: BD3D4D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD3D4D second address: BD3DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FD698C2C8E8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 sub bh, 00000050h 0x00000026 call 00007FD698C2C8ECh 0x0000002b mov ebx, 6782084Ah 0x00000030 pop edi 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 cld 0x00000036 jmp 00007FD698C2C8EBh 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 pushad 0x00000041 popad 0x00000042 popad 0x00000043 push eax 0x00000044 push edx 0x00000045 jbe 00007FD698C2C8E6h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD5BFC second address: BD5C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD5C00 second address: BD5C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD6B7D second address: BD6B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD6B81 second address: BD6B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD8DD2 second address: BD8E63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35536h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FD698C35528h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov edi, 5B8AFD14h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007FD698C35528h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 mov edi, dword ptr [ebp+122D18ACh] 0x0000004f xchg eax, esi 0x00000050 pushad 0x00000051 pushad 0x00000052 jc 00007FD698C35526h 0x00000058 push edi 0x00000059 pop edi 0x0000005a popad 0x0000005b jmp 00007FD698C35530h 0x00000060 popad 0x00000061 push eax 0x00000062 push ecx 0x00000063 push eax 0x00000064 push edx 0x00000065 push ebx 0x00000066 pop ebx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB550 second address: BDB554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD6CC8 second address: BD6CD2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD905A second address: BD9064 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD698C2C8E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB554 second address: BDB56C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35534h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BD9064 second address: BD906A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB56C second address: BDB572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB572 second address: BDB576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB576 second address: BDB5D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FD698C35528h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov di, dx 0x00000026 push 00000000h 0x00000028 add dword ptr [ebp+122D19DEh], ecx 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push esi 0x00000033 call 00007FD698C35528h 0x00000038 pop esi 0x00000039 mov dword ptr [esp+04h], esi 0x0000003d add dword ptr [esp+04h], 0000001Ch 0x00000045 inc esi 0x00000046 push esi 0x00000047 ret 0x00000048 pop esi 0x00000049 ret 0x0000004a or bx, 617Bh 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB5D9 second address: BDB5DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDB5DD second address: BDB5E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BDD87B second address: BDD895 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C2C8F6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE078E second address: BE079D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jns 00007FD698C35526h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE079D second address: BE07BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE07BC second address: BE07CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FD698C3552Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE07CD second address: BE07D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE07D1 second address: BE07E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C35531h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE07E6 second address: BE07EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0D6C second address: BE0DD0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007FD698C35528h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007FD698C35528h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 mov ebx, edx 0x00000046 push 00000000h 0x00000048 ja 00007FD698C3552Ch 0x0000004e xchg eax, esi 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jl 00007FD698C35526h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0DD0 second address: BE0DD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0DD6 second address: BE0DE0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD698C3552Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0DE0 second address: BE0DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0DEC second address: BE0DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0DF0 second address: BE0DFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0DFA second address: BE0DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0DFE second address: BE0E02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE100E second address: BE1014 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE8626 second address: BE862C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE862C second address: BE8630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA26F second address: BFA273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA273 second address: BFA279 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA30D second address: BFA369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FD698C2C8F9h 0x00000016 popad 0x00000017 pop edx 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c pushad 0x0000001d jc 00007FD698C2C8ECh 0x00000023 jmp 00007FD698C2C8F2h 0x00000028 popad 0x00000029 mov eax, dword ptr [eax] 0x0000002b push eax 0x0000002c push edx 0x0000002d je 00007FD698C2C8ECh 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA369 second address: BFA36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA43D second address: BFA443 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA443 second address: BFA448 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA4D6 second address: BFA512 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD698C2C8ECh 0x00000008 ja 00007FD698C2C8E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jns 00007FD698C2C8F6h 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD698C2C8ECh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFA512 second address: BFA51C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC58A second address: BFC58E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC58E second address: BFC5A4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD698C3552Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC5A4 second address: BFC5AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC5AC second address: BFC5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC5B0 second address: BFC5B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC5B4 second address: BFC602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FD698C35539h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a pushad 0x0000001b jmp 00007FD698C35539h 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC602 second address: BFC60B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFC60B second address: BFC60F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B74B8F second address: B74B9B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FD698C2C8EEh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B74B9B second address: B74BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD698C35530h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B74BB5 second address: B74BBB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B74BBB second address: B74BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007FD698C35526h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B74BCC second address: B74BD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B74BD3 second address: B74BD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C014E8 second address: C014F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C014F1 second address: C014F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C014F5 second address: C01500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C002D6 second address: C002DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C002DA second address: C002EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnp 00007FD698C2C8E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C002EC second address: C002F2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C008A4 second address: C008B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD698C2C8ECh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C008B6 second address: C008DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Fh 0x00000007 push ecx 0x00000008 jmp 00007FD698C35533h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C01074 second address: C01089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C01089 second address: C0108F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C011CE second address: C011E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FD698C2C8EEh 0x0000000c jl 00007FD698C2C8E6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C040AC second address: C040D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FD698C35526h 0x00000011 jmp 00007FD698C35533h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C040D7 second address: C040E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 jno 00007FD698C2C91Fh 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C092D9 second address: C092E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C092E1 second address: C092E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCC87B second address: BCC8AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35532h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d movsx esi, cx 0x00000010 mov ah, 3Bh 0x00000012 popad 0x00000013 lea eax, dword ptr [ebp+12492604h] 0x00000019 mov dword ptr [ebp+122D376Bh], esi 0x0000001f push eax 0x00000020 pushad 0x00000021 push ecx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCC8AC second address: BCC8B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCCCF0 second address: BCCCF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCCDA0 second address: BCCDA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCCDA4 second address: BCCDB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FD698C35526h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCD68B second address: BCD6A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C2C8F3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCD6A2 second address: BCD6EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007FD698C3552Fh 0x00000013 push 0000001Eh 0x00000015 mov dx, bx 0x00000018 push eax 0x00000019 jne 00007FD698C35558h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FD698C35536h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCD9A5 second address: BCDA27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD698C2C8F6h 0x0000000f nop 0x00000010 jmp 00007FD698C2C8F6h 0x00000015 lea eax, dword ptr [ebp+12492604h] 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007FD698C2C8E8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov edx, dword ptr [ebp+122D214Ah] 0x0000003b sub dword ptr [ebp+122D2B62h], eax 0x00000041 or ecx, 65D2248Eh 0x00000047 push eax 0x00000048 pushad 0x00000049 jbe 00007FD698C2C8ECh 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCDA27 second address: BCDA2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCDA2F second address: BAA88B instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD698C2C8E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FD698C2C8E8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 call dword ptr [ebp+122D253Dh] 0x0000002e jmp 00007FD698C2C8F3h 0x00000033 push eax 0x00000034 pushad 0x00000035 push esi 0x00000036 pop esi 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BAA88B second address: BAA893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0861F second address: C08623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C08787 second address: C08793 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C08793 second address: C08797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C08BDC second address: C08BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C35535h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C08DA6 second address: C08DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C08DAC second address: C08DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C08DB6 second address: C08DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0DBD4 second address: C0DBDD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0DBDD second address: C0DC01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD698C2C8EEh 0x0000000e jmp 00007FD698C2C8EDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0E4AE second address: C0E4B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0E4B6 second address: C0E4D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0E665 second address: C0E66B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0E66B second address: C0E66F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0E66F second address: C0E673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0E994 second address: C0E99E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C11F92 second address: C11FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 ja 00007FD698C3552Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C171D8 second address: C171DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C171DE second address: C171E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C171E5 second address: C171EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C174C8 second address: C174E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jne 00007FD698C35526h 0x0000000e pop edx 0x0000000f ja 00007FD698C3552Ah 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C174E8 second address: C174EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C174EC second address: C174F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jns 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C177DD second address: C177E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C17952 second address: C1796C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jp 00007FD698C35526h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C17C25 second address: C17C4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jne 00007FD698C2C8E6h 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C17E9C second address: C17EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C185EC second address: C18631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop ecx 0x00000009 jl 00007FD698C2C918h 0x0000000f jmp 00007FD698C2C8F9h 0x00000014 jmp 00007FD698C2C8F9h 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C16E9D second address: C16EAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD698C35528h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1BC0E second address: C1BC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD698C2C8F7h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1BC2E second address: C1BC34 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1BC34 second address: C1BC40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FD698C2C8E6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1BC40 second address: C1BC4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FD698C35526h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B8EF second address: C1B8F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C221D6 second address: C22203 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C35534h 0x00000007 jmp 00007FD698C35531h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C22203 second address: C22218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C22218 second address: C22239 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007FD698C35534h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C26E36 second address: C26E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C26E40 second address: C26E4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C26E4C second address: C26E60 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD698C2C8E8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FD698C2C8E6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C26FBC second address: C26FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C26FC2 second address: C26FDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop eax 0x0000000d jl 00007FD698C2C8E8h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C26FDB second address: C26FE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C273EB second address: C27413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F4h 0x00000009 popad 0x0000000a pushad 0x0000000b jbe 00007FD698C2C8E6h 0x00000011 jnl 00007FD698C2C8E6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C27413 second address: C2741D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2741D second address: C27426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C27426 second address: C27430 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD698C35526h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C27430 second address: C27448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FD698C2C8EEh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C27448 second address: C2744C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2744C second address: C2745B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8EBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCD4AF second address: BCD4B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCD4B3 second address: BCD4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BCD4B9 second address: BCD520 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD698C3552Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov cx, 292Ch 0x00000011 push 00000004h 0x00000013 mov ecx, dword ptr [ebp+122D3A25h] 0x00000019 mov cx, 136Ah 0x0000001d nop 0x0000001e pushad 0x0000001f jno 00007FD698C35532h 0x00000025 pushad 0x00000026 jmp 00007FD698C3552Ah 0x0000002b jmp 00007FD698C35538h 0x00000030 popad 0x00000031 popad 0x00000032 push eax 0x00000033 jng 00007FD698C35530h 0x00000039 push eax 0x0000003a push edx 0x0000003b push edx 0x0000003c pop edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2772F second address: C27733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C27733 second address: C27739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2C2D7 second address: C2C2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2C2DB second address: C2C2E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2C2E1 second address: C2C304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FD698C2C8E6h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FD698C2C8F1h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2C304 second address: C2C327 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD698C3553Dh 0x00000008 jmp 00007FD698C35537h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2C327 second address: C2C33D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD698C2C8EBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2BB5A second address: C2BB64 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2BB64 second address: C2BB6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2BB6A second address: C2BB81 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD698C35526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FD698C3552Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2BCB7 second address: C2BCBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34711 second address: C34715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34715 second address: C34730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD698C2C8E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FD698C2C8ECh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34730 second address: C34735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7D2C9 second address: B7D2D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B7D2D0 second address: B7D2D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C32F79 second address: C32F7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3354E second address: C33570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007FD698C35526h 0x0000000c jc 00007FD698C35526h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c jng 00007FD698C35526h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C33570 second address: C33576 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C33E3C second address: C33E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C33E40 second address: C33E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C377E2 second address: C377F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FD698C35526h 0x0000000a push edx 0x0000000b pop edx 0x0000000c jnc 00007FD698C35526h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C377F9 second address: C377FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C377FD second address: C37812 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Fh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C379A5 second address: C379CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8EEh 0x00000009 pop ebx 0x0000000a jmp 00007FD698C2C8F4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C37CC2 second address: C37CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C37CC6 second address: C37D2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F9h 0x00000007 jo 00007FD698C2C8E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jbe 00007FD698C2C8E6h 0x00000016 jmp 00007FD698C2C8F5h 0x0000001b popad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007FD698C2C8F8h 0x00000025 jne 00007FD698C2C8E6h 0x0000002b pushad 0x0000002c popad 0x0000002d popad 0x0000002e push edi 0x0000002f pushad 0x00000030 popad 0x00000031 pop edi 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C37D2F second address: C37D34 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C37D34 second address: C37D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3812B second address: C3812F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C38295 second address: C3829A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3D021 second address: C3D027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3D027 second address: C3D04C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD698C2C8F7h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43F87 second address: C43FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FD698C35535h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43FA8 second address: C43FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43FAC second address: C43FCD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD698C35531h 0x0000000d jng 00007FD698C35532h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4412D second address: C44133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44133 second address: C44137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442A2 second address: C442B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FD698C2C8E6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442B3 second address: C442B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442B7 second address: C442BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442BD second address: C442C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442C2 second address: C442CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442CA second address: C442D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442D5 second address: C442D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C442D9 second address: C442DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44477 second address: C44489 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD698C2C8ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44489 second address: C4448D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4465B second address: C44670 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8EBh 0x00000007 jns 00007FD698C2C8E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44670 second address: C44699 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FD698C35526h 0x00000009 jmp 00007FD698C35539h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44699 second address: C4469D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4482D second address: C4483F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FD698C3552Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C450E1 second address: C450EB instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD698C2C8ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4E9A1 second address: C4E9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4E9AA second address: C4E9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD698C2C8F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4E9BF second address: C4E9C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4E9C5 second address: C4E9D6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD698C2C8ECh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4EB6A second address: C4EB87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD698C35531h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5B18F second address: C5B193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5AC7C second address: C5AC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jl 00007FD698C35526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop esi 0x00000012 jp 00007FD698C3552Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5E042 second address: C5E06E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FD698C2C8EBh 0x0000000a jmp 00007FD698C2C8EEh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push edx 0x00000015 jng 00007FD698C2C8F2h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5E06E second address: C5E074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6590B second address: C65911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C65911 second address: C65915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6BF10 second address: C6BF16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6BF16 second address: C6BF2E instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD698C35526h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FD698C3552Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6BF2E second address: C6BF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6BF34 second address: C6BF46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jne 00007FD698C35526h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6BDA3 second address: C6BDA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6BDA9 second address: C6BDAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6D674 second address: C6D67A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6D67A second address: C6D67E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7020C second address: C70227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jc 00007FD698C2C8F3h 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007FD698C2C8EBh 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C70227 second address: C7024A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d popad 0x0000000e jng 00007FD698C3553Ah 0x00000014 jbe 00007FD698C3552Ch 0x0000001a jo 00007FD698C35526h 0x00000020 push edi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C77B4A second address: C77B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jng 00007FD698C2C8E6h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD698C2C8EDh 0x00000017 jmp 00007FD698C2C8F0h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C77B79 second address: C77B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7CDB0 second address: C7CDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7CDB8 second address: C7CDC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jne 00007FD698C35526h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7D353 second address: C7D359 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7D359 second address: C7D35E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7D4B0 second address: C7D4C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b jl 00007FD698C2C8EEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7D76C second address: C7D78B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C3552Bh 0x00000007 jmp 00007FD698C3552Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7D78B second address: C7D7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 js 00007FD698C2C8FDh 0x0000000d jmp 00007FD698C2C8F7h 0x00000012 push edx 0x00000013 jnc 00007FD698C2C8E6h 0x00000019 pop edx 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C812E5 second address: C812FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 jnl 00007FD698C3552Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B68B second address: C9B6AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C2C8E6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007FD698C2C8F4h 0x00000011 popad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B34E second address: C9B356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B356 second address: C9B35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA19D5 second address: CA19DF instructions: 0x00000000 rdtsc 0x00000002 js 00007FD698C35526h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA19DF second address: CA19E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA19E8 second address: CA19F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD698C35526h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA1B2F second address: CA1B43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA1CAD second address: CA1CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA1F52 second address: CA1F90 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD698C2C8E6h 0x00000008 jne 00007FD698C2C8E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pushad 0x00000012 ja 00007FD698C2C8ECh 0x00000018 pushad 0x00000019 jmp 00007FD698C2C8F7h 0x0000001e jg 00007FD698C2C8E6h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA1F90 second address: CA1FBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jno 00007FD698C35526h 0x0000000e jmp 00007FD698C35538h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA56C0 second address: CA5729 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FD698C2C8FCh 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD698C2C8F7h 0x0000001b jmp 00007FD698C2C8F2h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAA7DA second address: CAA7DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAA7DF second address: CAA7FA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD698C2C8ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jp 00007FD698C2C8F9h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAC15A second address: CAC17D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FD698C35538h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAC17D second address: CAC18D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD698C2C8E6h 0x0000000a popad 0x0000000b pop esi 0x0000000c pushad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAC18D second address: CAC1A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FD698C35526h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAC1A0 second address: CAC1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAC1A4 second address: CAC1A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CADE3C second address: CADE4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FD698C2C8E6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CADE4C second address: CADE62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD698C35526h 0x0000000a pop edx 0x0000000b pushad 0x0000000c js 00007FD698C3552Eh 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CADE62 second address: CADE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jo 00007FD698C2C8E6h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007FD698C2C8E6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CADE78 second address: CADE7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAF9A1 second address: CAF9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAF9A7 second address: CAF9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAF9AD second address: CAF9CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD698C2C8F8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAF9CB second address: CAF9CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAF9CF second address: CAF9F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD698C2C8F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD698C2C8ECh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAF9F2 second address: CAF9F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA5276 second address: CA5280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FD698C2C8E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA556E second address: CA557A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD698C35526h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A0DBA5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A0DB8F instructions caused by: Self-modifying code
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4DB0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4F90000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 6F90000 memory reserve | memory write watch Jump to behavior
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A101F9 rdtsc 0_2_00A101F9
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 4672 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF3FD0 GetSystemInfo,VirtualAlloc, 0_2_00BF3FD0
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A101F9 rdtsc 0_2_00A101F9
Enables debug privileges
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.2251770618.0000000000B9B000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ,$Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEE466 GetSystemTime,GetFileTime, 0_2_00BEE466

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Disable Windows Defender notifications (registry)
Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1 Jump to behavior
Disable Windows Defender real time protection (registry)
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1 Jump to behavior
Disables Windows Defender Tamper protection
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0 Jump to behavior
Modifies windows update settings
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1533035 Sample: file.exe Startdate: 14/10/2024 Architecture: WINDOWS Score: 100 11 Antivirus / Scanner detection for submitted sample 2->11 13 Multi AV Scanner detection for submitted file 2->13 15 Machine Learning detection for sample 2->15 17 2 other signatures 2->17 5 file.exe 9 1 2->5         started        process3 file4 9 C:\Users\user\AppData\Local\...\file.exe.log, CSV 5->9 dropped 19 Detected unpacking (changes PE section rights) 5->19 21 Tries to detect sandboxes and other dynamic analysis tools (window names) 5->21 23 Modifies windows update settings 5->23 25 8 other signatures 5->25 signatures5
No contacted IP infos