Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1533076
MD5: b2337b7ef8afe55b28bdc11d27a7f160
SHA1: e64ab79ef63c59c372f603bad020982821d0d7e3
SHA256: 2a223c2207a017da91da53683dade893aa77b3ce2298a4e3cbd80f5d92296e44
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: file.exe Virustotal: Detection: 56%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011BB7F9 CryptVerifySignatureA, 1_2_011BB7F9
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000001.00000003.2180026789.0000000005560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2313133260.0000000000FD2000.00000040.00000001.01000000.00000003.sdmp

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010457CB 1_2_010457CB
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0108E7D2 1_2_0108E7D2
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011357CD 1_2_011357CD
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010887D7 1_2_010887D7
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010257E2 1_2_010257E2
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0109D7EC 1_2_0109D7EC
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011217F5 1_2_011217F5
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0113D7F8 1_2_0113D7F8
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0114F7FB 1_2_0114F7FB
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010377F7 1_2_010377F7
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010F17F9 1_2_010F17F9
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010AD7F5 1_2_010AD7F5
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01125610 1_2_01125610
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0104D600 1_2_0104D600
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010AF603 1_2_010AF603
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01102605 1_2_01102605
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01033615 1_2_01033615
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0110F607 1_2_0110F607
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0102161C 1_2_0102161C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010CC612 1_2_010CC612
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01051627 1_2_01051627
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010A162D 1_2_010A162D
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0104162E 1_2_0104162E
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010E1620 1_2_010E1620
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0108F627 1_2_0108F627
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01139621 1_2_01139621
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01049632 1_2_01049632
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FF57C6 1_2_00FF57C6
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01017638 1_2_01017638
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0100963D 1_2_0100963D
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01107657 1_2_01107657
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0111B65C 1_2_0111B65C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01076656 1_2_01076656
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010C765A 1_2_010C765A
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010FC658 1_2_010FC658
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010B1653 1_2_010B1653
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01060658 1_2_01060658
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0107A658 1_2_0107A658
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FF7798 1_2_00FF7798
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010F7666 1_2_010F7666
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0111967C 1_2_0111967C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0111E67E 1_2_0111E67E
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010F167E 1_2_010F167E
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01008679 1_2_01008679
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0108A671 1_2_0108A671
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0106967A 1_2_0106967A
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01078678 1_2_01078678
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01097676 1_2_01097676
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FF1773 1_2_00FF1773
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0102D68F 1_2_0102D68F
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010D869A 1_2_010D869A
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010C16A4 1_2_010C16A4
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FEB752 1_2_00FEB752
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010F56A3 1_2_010F56A3
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011116BD 1_2_011116BD
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011296A5 1_2_011296A5
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010A36B0 1_2_010A36B0
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0111A6D0 1_2_0111A6D0
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FFA73A 1_2_00FFA73A
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010426CC 1_2_010426CC
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010F36C7 1_2_010F36C7
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010596CE 1_2_010596CE
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011006DE 1_2_011006DE
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010746D4 1_2_010746D4
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0105E6D0 1_2_0105E6D0
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010586D3 1_2_010586D3
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010F96D8 1_2_010F96D8
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010846EF 1_2_010846EF
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010AA6E1 1_2_010AA6E1
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0104E6E9 1_2_0104E6E9
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FFE70C 1_2_00FFE70C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010D36F8 1_2_010D36F8
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0111C6E7 1_2_0111C6E7
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010566FC 1_2_010566FC
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010AE90A 1_2_010AE90A
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010B990F 1_2_010B990F
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0104890D 1_2_0104890D
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010F6901 1_2_010F6901
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01120904 1_2_01120904
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010E4919 1_2_010E4919
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01106907 1_2_01106907
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0105F918 1_2_0105F918
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0100B92C 1_2_0100B92C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0102892F 1_2_0102892F
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01057935 1_2_01057935
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010AC93F 1_2_010AC93F
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0113C92A 1_2_0113C92A
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01068939 1_2_01068939
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0102E947 1_2_0102E947
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0105A94B 1_2_0105A94B
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0110D943 1_2_0110D943
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01135945 1_2_01135945
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FEA8A5 1_2_00FEA8A5
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0107995C 1_2_0107995C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0112494F 1_2_0112494F
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0101A95E 1_2_0101A95E
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010D196D 1_2_010D196D
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0103B962 1_2_0103B962
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010C796D 1_2_010C796D
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0103E961 1_2_0103E961
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FE5899 1_2_00FE5899
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010FD966 1_2_010FD966
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0101096E 1_2_0101096E
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_01029972 1_2_01029972
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0102A97D 1_2_0102A97D
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0111D993 1_2_0111D993
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0101698F 1_2_0101698F
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0110F99E 1_2_0110F99E
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010FF997 1_2_010FF997
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0111998B 1_2_0111998B
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_010529A0 1_2_010529A0
Source: C:\Users\user\Desktop\file.exe Code function: String function: 011B67EE appears 35 times
Source: file.exe, 00000001.00000002.2313146419.0000000000FD6000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000002.2313787936.00000000018BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: yiycfvys ZLIB complexity 0.9950387943897344
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe Virustotal: Detection: 56%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1740800 > 1048576
Source: file.exe Static PE information: Raw size of yiycfvys is bigger than: 0x100000 < 0x1a2e00
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000001.00000003.2180026789.0000000005560000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2313133260.0000000000FD2000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 1.2.file.exe.fd0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yiycfvys:EW;gwlxbero:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1b553b should be: 0x1b8e7a
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: yiycfvys
Source: file.exe Static PE information: section name: gwlxbero
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.802540159895336
Source: file.exe Static PE information: section name: yiycfvys entropy: 7.953713263906357

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1180FAA second address: 1180FAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118518B second address: 1185190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1185190 second address: 11851A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F96C0CA2561h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118742B second address: 118742F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11885A0 second address: 11885A6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11885A6 second address: 11885BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F96C0E0BFE3h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118BD05 second address: 118BD09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114A0B9 second address: 114A0BE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114A0BE second address: 114A0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114A0C4 second address: 114A101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F96C0E0BFE8h 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 jno 00007F96C0E0BFE6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118E8B0 second address: 118E8B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118E8B4 second address: 118E8C6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F96C0E0BFDCh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118EA4D second address: 118EA6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA255Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F96C0CA2556h 0x00000011 jnp 00007F96C0CA2556h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118EA6C second address: 118EA90 instructions: 0x00000000 rdtsc 0x00000002 js 00007F96C0E0BFD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F96C0E0BFE6h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118EA90 second address: 118EA94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118ED38 second address: 118ED49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0E0BFDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118ED49 second address: 118ED84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F96C0CA2556h 0x00000009 jnl 00007F96C0CA2556h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 jmp 00007F96C0CA2566h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c jmp 00007F96C0CA255Dh 0x00000021 pop esi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118EECA second address: 118EEF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F96C0E0BFD6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d je 00007F96C0E0BFF1h 0x00000013 jmp 00007F96C0E0BFE5h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1190D0B second address: 1190D39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F96C0CA2567h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jg 00007F96C0CA2556h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11910EA second address: 11910F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 ja 00007F96C0E0BFD6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11910F6 second address: 11910FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191298 second address: 119129E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119129E second address: 11912A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11912A2 second address: 11912A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191C29 second address: 1191C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 je 00007F96C0CA255Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191D99 second address: 1191D9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191E8C second address: 1191E92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1191F23 second address: 1191F29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1196127 second address: 1196137 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA255Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1196137 second address: 119613C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1197525 second address: 119752C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11982DF second address: 11982E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11982E3 second address: 11982F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11982F2 second address: 11982F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1150E8C second address: 1150EA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F96C0CA2558h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1150EA0 second address: 1150EA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119A184 second address: 119A18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119BEC1 second address: 119BED3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jbe 00007F96C0E0BFD6h 0x00000009 pop edx 0x0000000a jo 00007F96C0E0BFDCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119ED9A second address: 119EE12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edi, 0F29E320h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F96C0CA2558h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 add edi, 7F75F285h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F96C0CA2558h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b sub dword ptr [ebp+122D1BB2h], edi 0x00000051 xor dword ptr [ebp+122D3873h], eax 0x00000057 xchg eax, esi 0x00000058 jo 00007F96C0CA255Eh 0x0000005e jp 00007F96C0CA2558h 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 push edi 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119EE12 second address: 119EE17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119FCD7 second address: 119FCF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA2569h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119FCF4 second address: 119FD87 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F96C0E0BFDAh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F96C0E0BFE0h 0x00000011 nop 0x00000012 call 00007F96C0E0BFDDh 0x00000017 movsx edi, bx 0x0000001a pop edi 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007F96C0E0BFD8h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000015h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 mov dword ptr [ebp+12457CF4h], ebx 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push esi 0x00000042 call 00007F96C0E0BFD8h 0x00000047 pop esi 0x00000048 mov dword ptr [esp+04h], esi 0x0000004c add dword ptr [esp+04h], 00000019h 0x00000054 inc esi 0x00000055 push esi 0x00000056 ret 0x00000057 pop esi 0x00000058 ret 0x00000059 mov bx, di 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push ecx 0x00000060 jmp 00007F96C0E0BFE0h 0x00000065 pop ecx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A0DE7 second address: 11A0E7B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F96C0CA2558h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F96C0CA2558h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 add dword ptr [ebp+122D39AAh], eax 0x0000002b mov edi, dword ptr [ebp+122D2F45h] 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007F96C0CA2558h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d mov dword ptr [ebp+12476A5Dh], edi 0x00000053 push 00000000h 0x00000055 mov edi, dword ptr [ebp+124680E4h] 0x0000005b xchg eax, esi 0x0000005c ja 00007F96C0CA256Dh 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A0E7B second address: 11A0E85 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F96C0E0BFD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1DF8 second address: 11A1DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A0F46 second address: 11A0F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1DFC second address: 11A1E00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A0F4D second address: 11A0F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F96C0E0BFE2h 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1E00 second address: 11A1E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A0F6C second address: 11A0FFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 nop 0x00000007 clc 0x00000008 push dword ptr fs:[00000000h] 0x0000000f mov edi, dword ptr [ebp+122D34CCh] 0x00000015 mov dword ptr fs:[00000000h], esp 0x0000001c jne 00007F96C0E0BFDBh 0x00000022 mov di, ax 0x00000025 mov eax, dword ptr [ebp+122D0329h] 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F96C0E0BFD8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 push FFFFFFFFh 0x00000047 push 00000000h 0x00000049 push edx 0x0000004a call 00007F96C0E0BFD8h 0x0000004f pop edx 0x00000050 mov dword ptr [esp+04h], edx 0x00000054 add dword ptr [esp+04h], 0000001Ah 0x0000005c inc edx 0x0000005d push edx 0x0000005e ret 0x0000005f pop edx 0x00000060 ret 0x00000061 nop 0x00000062 js 00007F96C0E0BFDEh 0x00000068 jg 00007F96C0E0BFD8h 0x0000006e push eax 0x0000006f push eax 0x00000070 push edx 0x00000071 je 00007F96C0E0BFD8h 0x00000077 pushad 0x00000078 popad 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1E06 second address: 11A1E14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F96C0CA255Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1E14 second address: 11A1E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F96C0E0BFD8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 jmp 00007F96C0E0BFDEh 0x0000002a pushad 0x0000002b stc 0x0000002c movsx eax, di 0x0000002f popad 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007F96C0E0BFD8h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c cmc 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 push edi 0x00000053 pop edi 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1E82 second address: 11A1E8C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F96C0CA2556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A508A second address: 11A5090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A3083 second address: 11A308C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A5090 second address: 11A5095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A5095 second address: 11A5122 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F96C0CA255Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d call 00007F96C0CA2563h 0x00000012 mov dword ptr [ebp+122D2969h], eax 0x00000018 pop ebx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F96C0CA2558h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 sub bx, 024Fh 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F96C0CA2558h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 0000001Ch 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 jl 00007F96C0CA2556h 0x0000005c xchg eax, esi 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 jnc 00007F96C0CA2556h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A5122 second address: 11A513C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F96C0E0BFD8h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 je 00007F96C0E0BFE0h 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A606D second address: 11A60DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jno 00007F96C0CA2556h 0x0000000c pop eax 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 cld 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F96C0CA2558h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e mov di, si 0x00000031 cld 0x00000032 mov edi, dword ptr [ebp+122D285Eh] 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edx 0x0000003d call 00007F96C0CA2558h 0x00000042 pop edx 0x00000043 mov dword ptr [esp+04h], edx 0x00000047 add dword ptr [esp+04h], 00000015h 0x0000004f inc edx 0x00000050 push edx 0x00000051 ret 0x00000052 pop edx 0x00000053 ret 0x00000054 xor ebx, 12A3567Ah 0x0000005a xchg eax, esi 0x0000005b push ecx 0x0000005c push eax 0x0000005d push edx 0x0000005e je 00007F96C0CA2556h 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A60DB second address: 11A60DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A5299 second address: 11A5351 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA2561h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F96C0CA2558h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 and bx, CB2Ah 0x0000002c push dword ptr fs:[00000000h] 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007F96C0CA2558h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 0000001Bh 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d jp 00007F96C0CA2565h 0x00000053 mov dword ptr fs:[00000000h], esp 0x0000005a mov dword ptr [ebp+122D2753h], esi 0x00000060 mov eax, dword ptr [ebp+122D0531h] 0x00000066 sub bh, FFFFFFF3h 0x00000069 push FFFFFFFFh 0x0000006b add dword ptr [ebp+124789C6h], esi 0x00000071 sub di, F68Ah 0x00000076 nop 0x00000077 push eax 0x00000078 push edx 0x00000079 jno 00007F96C0CA2568h 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A6239 second address: 11A623D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A910D second address: 11A9129 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA2568h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A9129 second address: 11A9130 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1141A3A second address: 1141A3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1141A3F second address: 1141A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A981D second address: 11A9822 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A623D second address: 11A6246 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AB760 second address: 11AB7FF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F96C0CA2556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F96C0CA255Dh 0x0000000f popad 0x00000010 push eax 0x00000011 jo 00007F96C0CA2571h 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F96C0CA2567h 0x0000001f popad 0x00000020 nop 0x00000021 mov edi, dword ptr [ebp+122D2CA3h] 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F96C0CA2558h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 mov dword ptr [ebp+122D39AFh], eax 0x00000049 push 00000000h 0x0000004b call 00007F96C0CA2569h 0x00000050 stc 0x00000051 pop ebx 0x00000052 xchg eax, esi 0x00000053 jno 00007F96C0CA2562h 0x00000059 push eax 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d push edi 0x0000005e pop edi 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AB7FF second address: 11AB803 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11AB803 second address: 11AB811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F96C0CA2556h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11ADD87 second address: 11ADD8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11FFAB5 second address: 11FFB0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F96C0CA255Bh 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c jc 00007F96C0CA2562h 0x00000012 jmp 00007F96C0CA2569h 0x00000017 jc 00007F96C0CA255Eh 0x0000001d push eax 0x0000001e push edx 0x0000001f js 00007F96C0CA2556h 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11FFDD1 second address: 11FFDD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11FFDD5 second address: 11FFDDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11FFDDB second address: 11FFDEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F96C0E0BFD6h 0x00000009 jc 00007F96C0E0BFD6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12000C6 second address: 12000CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12000CA second address: 12000E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0E0BFDFh 0x00000007 jbe 00007F96C0E0BFD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1208B73 second address: 1208B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1207ECB second address: 1207ED0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1207ED0 second address: 1207EDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1207EDC second address: 1207EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120806C second address: 1208072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1208072 second address: 1208078 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1208358 second address: 120835C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120835C second address: 1208373 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0E0BFDDh 0x00000007 jl 00007F96C0E0BFD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120E829 second address: 120E82F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120E9A7 second address: 120EA03 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F96C0E0BFDCh 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F96C0E0BFDBh 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 jng 00007F96C0E0C022h 0x0000001b jnp 00007F96C0E0BFECh 0x00000021 push eax 0x00000022 pop eax 0x00000023 jmp 00007F96C0E0BFE4h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c jmp 00007F96C0E0BFE5h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120EB47 second address: 120EB4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120EB4F second address: 120EB6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F96C0E0BFE6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120EB6D second address: 120EB72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120ECDA second address: 120ECF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 jbe 00007F96C0E0C000h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F96C0E0BFDCh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120ECF4 second address: 120ED0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA255Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F128 second address: 120F12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F12E second address: 120F13A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F13A second address: 120F140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F140 second address: 120F144 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F144 second address: 120F150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F96C0E0BFD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F85E second address: 120F862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F862 second address: 120F870 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F96C0E0BFD6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F870 second address: 120F87A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F96C0CA2556h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F87A second address: 120F886 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F886 second address: 120F88A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 120F88A second address: 120F890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1223EC5 second address: 1223EE9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007F96C0CA2556h 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F96C0CA255Ch 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1223EE9 second address: 1223EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1223EED second address: 1223EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F96C0CA255Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1228ABB second address: 1228AD1 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F96C0E0BFD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F96C0E0BFD6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1228AD1 second address: 1228AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12285DB second address: 12285EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0E0BFE0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12285EF second address: 122860C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007F96C0CA255Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122860C second address: 1228632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F96C0E0BFE7h 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F96C0E0BFD6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1228632 second address: 1228636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1228761 second address: 1228767 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1228767 second address: 12287A4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F96C0CA2562h 0x00000008 pushad 0x00000009 jl 00007F96C0CA2556h 0x0000000f jmp 00007F96C0CA255Dh 0x00000014 jno 00007F96C0CA2556h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jc 00007F96C0CA2556h 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12287A4 second address: 12287C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0E0BFDFh 0x00000007 je 00007F96C0E0BFD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F96C0E0BFDBh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12287C8 second address: 12287CD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122D265 second address: 122D271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jns 00007F96C0E0BFD6h 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122D271 second address: 122D28F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F96C0CA2558h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F96C0CA255Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122D28F second address: 122D2A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0E0BFDAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F96C0E0BFD8h 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122D2A7 second address: 122D2AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122BCA0 second address: 122BCA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122BCA7 second address: 122BCB3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F96C0CA255Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 122BE3A second address: 122BE3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1235B7E second address: 1235B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123C749 second address: 123C74F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123C74F second address: 123C75E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F96C0CA255Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123C75E second address: 123C772 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F96C0E0BFD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123CA23 second address: 123CA2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F96C0CA2556h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123CA2E second address: 123CA36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123CA36 second address: 123CA3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123CA3A second address: 123CA44 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F96C0E0BFD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 123CA44 second address: 123CA52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F96C0CA2556h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1241557 second address: 124155D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 124155D second address: 1241561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1243359 second address: 1243363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F96C0E0BFD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1243363 second address: 1243369 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1242F3C second address: 1242F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1242F42 second address: 1242F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F96C0CA2561h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1242F58 second address: 1242F62 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F96C0E0BFDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 125F36B second address: 125F38D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA2568h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 125F38D second address: 125F391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 125F391 second address: 125F397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 125F397 second address: 125F3A1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F96C0E0BFDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1266C72 second address: 1266C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1266C76 second address: 1266C8A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F96C0E0BFDEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1266C8A second address: 1266CA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F96C0CA2562h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1266CA6 second address: 1266CAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1266CAA second address: 1266CAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126639C second address: 12663AC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F96C0E0BFD6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12663AC second address: 12663B5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12663B5 second address: 12663BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1266514 second address: 126652C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA255Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12666C0 second address: 12666F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F96C0E0BFDBh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F96C0E0BFE0h 0x0000001b jmp 00007F96C0E0BFDAh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12666F6 second address: 12666FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12666FC second address: 1266706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1266706 second address: 126670C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126A037 second address: 126A050 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F96C0E0BFDFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126A050 second address: 126A074 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F96C0CA2556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F96C0CA2568h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126A074 second address: 126A078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12699D5 second address: 12699DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12699DE second address: 12699EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F96C0E0BFDAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12699EC second address: 1269A0C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F96C0CA2556h 0x00000008 jmp 00007F96C0CA2566h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1269A0C second address: 1269A3F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F96C0E0BFF9h 0x00000008 jmp 00007F96C0E0BFDCh 0x0000000d jmp 00007F96C0E0BFE7h 0x00000012 jp 00007F96C0E0BFDEh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1269A3F second address: 1269A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F96C0CA255Ah 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1269A56 second address: 1269A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 12723E9 second address: 127241A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F96C0CA2567h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnl 00007F96C0CA255Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 127241A second address: 1272422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1273E8A second address: 1273E91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1273E91 second address: 1273E9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126AE86 second address: 126AE8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126AE8A second address: 126AE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F96C0E0BFD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126AE96 second address: 126AE9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 126AE9C second address: 126AEA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1195276 second address: 1195280 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F96C0CA2556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 119541E second address: 1195441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a jmp 00007F96C0E0BFE7h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: FDDCFA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 11883FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1218C86 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5640000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 58D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 78D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FDE0D5 rdtsc 1_2_00FDE0D5
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 1908 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011C31DA GetSystemInfo,VirtualAlloc, 1_2_011C31DA
Source: file.exe, file.exe, 00000001.00000002.2313160890.0000000001167000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000001.00000002.2313160890.0000000001167000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FDE0D5 rdtsc 1_2_00FDE0D5
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00FDB988 LdrInitializeThunk, 1_2_00FDB988
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, file.exe, 00000001.00000002.2313160890.0000000001167000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: BProgram Manager
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_011BA93B GetSystemTime,GetFileTime, 1_2_011BA93B

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos