Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1538060
MD5: 10eafe2a4f1e6519328fb587a645c8d7
SHA1: d8e3d03dc810cb893f8941b1be93b673a9a54587
SHA256: fb4f51a56080427ae003496f0203dba3ffdbb34922c6286f84af13891e88e114
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00622D1F CryptVerifySignatureA, 0_2_00622D1F
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1693124521.0000000004C20000.00000004.00001000.00020000.00000000.sdmp

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00495746 0_2_00495746
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004D675B 0_2_004D675B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005C6745 0_2_005C6745
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00588745 0_2_00588745
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004ED76E 0_2_004ED76E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052E772 0_2_0052E772
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005AD777 0_2_005AD777
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A6768 0_2_005A6768
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00572760 0_2_00572760
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004BF771 0_2_004BF771
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048C775 0_2_0048C775
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005C4762 0_2_005C4762
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004CE772 0_2_004CE772
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0059571B 0_2_0059571B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00548717 0_2_00548717
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053C703 0_2_0053C703
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00541702 0_2_00541702
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00519709 0_2_00519709
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004D3713 0_2_004D3713
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00575735 0_2_00575735
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049272F 0_2_0049272F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A8739 0_2_004A8739
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0056C720 0_2_0056C720
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004D4732 0_2_004D4732
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004857C8 0_2_004857C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0059A7D9 0_2_0059A7D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045F7C0 0_2_0045F7C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057D7DD 0_2_0057D7DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004777CA 0_2_004777CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005AC7D7 0_2_005AC7D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A07CB 0_2_005A07CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005477CC 0_2_005477CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004E37D4 0_2_004E37D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004E67D5 0_2_004E67D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005977C4 0_2_005977C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005287F6 0_2_005287F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004FD7E7 0_2_004FD7E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005407FC 0_2_005407FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004747F1 0_2_004747F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053E7E5 0_2_0053E7E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C97F0 0_2_004C97F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F57F0 0_2_004F57F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049378D 0_2_0049378D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054A79E 0_2_0054A79E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0058B795 0_2_0058B795
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004EE796 0_2_004EE796
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005017B6 0_2_005017B6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057F7A3 0_2_0057F7A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A47A3 0_2_005A47A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004947B3 0_2_004947B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057C7A9 0_2_0057C7A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0058085A 0_2_0058085A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0056A853 0_2_0056A853
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047D84B 0_2_0047D84B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B4844 0_2_004B4844
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045B850 0_2_0045B850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00552840 0_2_00552840
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0047985F 0_2_0047985F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055F84B 0_2_0055F84B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E84E 0_2_0051E84E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00510878 0_2_00510878
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055A866 0_2_0055A866
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004AC87D 0_2_004AC87D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00489870 0_2_00489870
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051786B 0_2_0051786B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00526813 0_2_00526813
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00566814 0_2_00566814
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0059081C 0_2_0059081C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048080F 0_2_0048080F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057681E 0_2_0057681E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0059C813 0_2_0059C813
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00581813 0_2_00581813
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005AA811 0_2_005AA811
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00557818 0_2_00557818
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A6805 0_2_004A6805
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B581B 0_2_004B581B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B681B 0_2_004B681B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A380C 0_2_005A380C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00458812 0_2_00458812
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0050280E 0_2_0050280E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004FA82F 0_2_004FA82F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0046A82C 0_2_0046A82C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0046883E 0_2_0046883E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004E8837 0_2_004E8837
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0056282C 0_2_0056282C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052B829 0_2_0052B829
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A8826 0_2_005A8826
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B3836 0_2_004B3836
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A1825 0_2_005A1825
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055E8DA 0_2_0055E8DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005888CA 0_2_005888CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B78DF 0_2_004B78DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005158C4 0_2_005158C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004628E3 0_2_004628E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005618F0 0_2_005618F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004CB8EB 0_2_004CB8EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005558FC 0_2_005558FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005088FC 0_2_005088FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005A78E8 0_2_005A78E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004708F2 0_2_004708F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F38F9 0_2_004F38F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051A8E7 0_2_0051A8E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C28F4 0_2_004C28F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A188B 0_2_004A188B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C688F 0_2_004C688F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049B886 0_2_0049B886
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00594889 0_2_00594889
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004868A9 0_2_004868A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005848B9 0_2_005848B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004DA8A8 0_2_004DA8A8
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0061DD14 appears 35 times
Source: file.exe, 00000000.00000002.1826170081.0000000000446000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: pjhuoolz ZLIB complexity 0.9949726608564269
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1761792 > 1048576
Source: file.exe Static PE information: Raw size of pjhuoolz is bigger than: 0x100000 < 0x1a8000
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1826154547.0000000000442000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1693124521.0000000004C20000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.440000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pjhuoolz:EW;qstkvopw:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1bd490 should be: 0x1b29a0
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: pjhuoolz
Source: file.exe Static PE information: section name: qstkvopw
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.793003233433282
Source: file.exe Static PE information: section name: pjhuoolz entropy: 7.953486757782369

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB61A second address: 5FB637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC8D62797h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FABC6 second address: 5FABE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F8BC94A29E9h 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FAD87 second address: 5FAD8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB299 second address: 5FB2D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F8BC94A29D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F8BC94A29E4h 0x00000014 jnp 00007F8BC94A29D6h 0x0000001a popad 0x0000001b js 00007F8BC94A29DAh 0x00000021 pushad 0x00000022 popad 0x00000023 push edx 0x00000024 pop edx 0x00000025 push esi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB44B second address: 5FB44F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FB44F second address: 5FB47A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29E4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8BC94A29DEh 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FEBB4 second address: 5FEBD6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8BC8D6278Bh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8BC8D6278Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FF39E second address: 5FF3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F8BC94A29D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFA03 second address: 5FFA07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFFA9 second address: 5FFFBB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BC94A29D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFFBB second address: 5FFFBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 600055 second address: 6000AE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jng 00007F8BC94A29D6h 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 push edi 0x00000011 push edx 0x00000012 jmp 00007F8BC94A29DFh 0x00000017 pop edx 0x00000018 pop edi 0x00000019 xchg eax, ebx 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F8BC94A29D8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000018h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 jmp 00007F8BC94A29DFh 0x00000039 nop 0x0000003a push eax 0x0000003b push edx 0x0000003c push ecx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6000AE second address: 6000B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 600237 second address: 600241 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BC94A29DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6014A1 second address: 6014A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6012CF second address: 6012D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6014A7 second address: 6014B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8BC8D62786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6025AC second address: 6025B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F8BC94A29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 602FFC second address: 603002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 603002 second address: 603006 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 603A2F second address: 603A34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 602CFB second address: 602D01 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 603A34 second address: 603A43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60450F second address: 604527 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604527 second address: 60452D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60452D second address: 604531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604F85 second address: 604FED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F8BC8D62786h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F8BC8D62788h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F8BC8D62788h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 mov dword ptr [ebp+122D28C4h], edi 0x0000004d push 00000000h 0x0000004f xor dword ptr [ebp+122D1AFDh], eax 0x00000055 xchg eax, ebx 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 push ecx 0x0000005a pop ecx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604D77 second address: 604D8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604FED second address: 604FF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604D8E second address: 604D95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 604D95 second address: 604DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F8BC8D6278Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6084F3 second address: 6084F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6084F7 second address: 608579 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F8BC8D62788h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 jmp 00007F8BC8D6278Fh 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F8BC8D62788h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 mov di, FD93h 0x00000048 push 00000000h 0x0000004a xchg eax, esi 0x0000004b jnp 00007F8BC8D6278Eh 0x00000051 jnc 00007F8BC8D62788h 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F8BC8D62792h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 609578 second address: 6095FB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F8BC94A29D8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007F8BC94A29D8h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 00000015h 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push eax 0x00000046 call 00007F8BC94A29D8h 0x0000004b pop eax 0x0000004c mov dword ptr [esp+04h], eax 0x00000050 add dword ptr [esp+04h], 00000015h 0x00000058 inc eax 0x00000059 push eax 0x0000005a ret 0x0000005b pop eax 0x0000005c ret 0x0000005d mov dword ptr [ebp+122DB38Ah], ecx 0x00000063 xchg eax, esi 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F8BC94A29DFh 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6087A2 second address: 6087C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62796h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6095FB second address: 609612 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jbe 00007F8BC94A29D6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007F8BC94A29D6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6087C3 second address: 6087C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 609612 second address: 60961C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BC94A29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6087C7 second address: 6087CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60961C second address: 609632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BC94A29E1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6087CB second address: 6087D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60A5FD second address: 60A616 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007F8BC94A29E0h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60A82E second address: 60A849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8BC8D62792h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60B6F0 second address: 60B786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F8BC94A29D8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 jg 00007F8BC94A29DCh 0x00000029 mov ebx, dword ptr [ebp+122D2798h] 0x0000002f push dword ptr fs:[00000000h] 0x00000036 mov dword ptr [ebp+122D1A71h], edx 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 add ebx, dword ptr [ebp+122D2553h] 0x00000049 push eax 0x0000004a pop ebx 0x0000004b mov eax, dword ptr [ebp+122D1091h] 0x00000051 jmp 00007F8BC94A29DCh 0x00000056 push FFFFFFFFh 0x00000058 call 00007F8BC94A29E1h 0x0000005d cmc 0x0000005e pop edi 0x0000005f nop 0x00000060 pushad 0x00000061 pushad 0x00000062 jmp 00007F8BC94A29DAh 0x00000067 push edi 0x00000068 pop edi 0x00000069 popad 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60C542 second address: 60C546 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60B786 second address: 60B78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60C546 second address: 60C54C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60E47B second address: 60E47F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60D59E second address: 60D5BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BC8D62795h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60D684 second address: 60D688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60F3DF second address: 60F42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jns 00007F8BC8D62786h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jnc 00007F8BC8D627A0h 0x00000017 nop 0x00000018 and ebx, 5C057A93h 0x0000001e push 00000000h 0x00000020 mov dword ptr [ebp+122D2823h], eax 0x00000026 mov bx, 1521h 0x0000002a push 00000000h 0x0000002c xchg eax, esi 0x0000002d push eax 0x0000002e push edx 0x0000002f push ebx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60F42B second address: 60F430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60F430 second address: 60F436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 611752 second address: 611756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 611756 second address: 61176D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BC8D6278Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 61176D second address: 611771 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6137AA second address: 6137B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 610781 second address: 610798 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8BC94A29DCh 0x00000008 ja 00007F8BC94A29D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 610798 second address: 61079C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 61079C second address: 6107A2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6138FE second address: 613918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8BC8D6278Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ebx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6107A2 second address: 6107B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC94A29DDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 616523 second address: 616550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F8BC8D62798h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f jmp 00007F8BC8D6278Ah 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 616550 second address: 61655A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F8BC94A29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 61655A second address: 61655E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6158E5 second address: 6158E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6158E9 second address: 6158F3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6158F3 second address: 6158F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 617780 second address: 61779D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8BC8D62792h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 628440 second address: 628444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 627C5D second address: 627C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 627C61 second address: 627C6E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630E5E second address: 630E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6338C2 second address: 6338C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6378D2 second address: 6378EE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8BC8D62793h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6378EE second address: 6378F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6378F4 second address: 6378F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6378F9 second address: 637909 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BC94A29DAh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 637EDC second address: 637EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 637EE2 second address: 637EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8BC94A29E0h 0x0000000c jnl 00007F8BC94A29D6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 637EFF second address: 637F05 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63805F second address: 638065 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 638065 second address: 63806F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 638348 second address: 63835F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29E3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63835F second address: 63837E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62795h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A01A7 second address: 6A01AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A01AB second address: 6A01D3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 jnc 00007F8BC94A29DCh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8BC94A29E0h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A01D3 second address: 6A01D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A3E9A second address: 6A3EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BC94A29DEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A3EAC second address: 6A3EC8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8BC8D62792h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A3EC8 second address: 6A3ED8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29DAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B104D second address: 6B105D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ebx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B166E second address: 6B1674 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B1674 second address: 6B1696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007F8BC8D62786h 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8BC8D62791h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B1696 second address: 6B16A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 jo 00007F8BC94A29E4h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B17F4 second address: 6B17F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B5779 second address: 6B5790 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BC94A29DDh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B5790 second address: 6B57B7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8BC8D62786h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8BC8D6278Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007F8BC8D62786h 0x0000001c js 00007F8BC8D62786h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B77EF second address: 6B77F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B77F5 second address: 6B77F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B77F9 second address: 6B77FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B7384 second address: 6B7390 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B7390 second address: 6B73C9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8BC94A29D6h 0x00000008 jnc 00007F8BC94A29D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F8BC94A29E3h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F8BC94A29E3h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B7520 second address: 6B7524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B7524 second address: 6B7528 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEEAC second address: 6BEEB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEEB0 second address: 6BEEC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F8BC94A29DEh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEEC9 second address: 6BEED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEED2 second address: 6BEED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C3ED7 second address: 6C3EDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0D95 second address: 6D0D9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0D9B second address: 6D0DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8BC8D6278Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0DA7 second address: 6D0DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jno 00007F8BC94A29D6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0BF7 second address: 6D0BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0BFD second address: 6D0C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0C05 second address: 6D0C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007F8BC8D62786h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0C14 second address: 6D0C1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0C1A second address: 6D0C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D0C1E second address: 6D0C22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DACC4 second address: 6DACCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D9F21 second address: 6D9F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA325 second address: 6DA351 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BC8D62786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8BC8D62798h 0x00000010 jg 00007F8BC8D62786h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA351 second address: 6DA374 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8BC94A29E8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA374 second address: 6DA388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F8BC8D62792h 0x0000000c jo 00007F8BC8D62786h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA4E2 second address: 6DA4FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a jl 00007F8BC94A29D6h 0x00000010 jmp 00007F8BC94A29DAh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA4FE second address: 6DA506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA506 second address: 6DA51F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8BC94A29D6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007F8BC94A29D6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA51F second address: 6DA523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA523 second address: 6DA566 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007F8BC94A29E6h 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F8BC94A29D6h 0x00000018 jl 00007F8BC94A29D6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA566 second address: 6DA56A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA56A second address: 6DA570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA6E7 second address: 6DA6ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6DA988 second address: 6DA999 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8BC94A29D6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push ebx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E0DDC second address: 6E0DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E07E9 second address: 6E082F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC94A29E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F8BC94A29DBh 0x00000011 push edi 0x00000012 pop edi 0x00000013 jnl 00007F8BC94A29D6h 0x00000019 popad 0x0000001a jmp 00007F8BC94A29E3h 0x0000001f push esi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E93D1 second address: 6E93D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E93D7 second address: 6E93E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E93E0 second address: 6E93E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E8FB8 second address: 6E8FBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E8FBC second address: 6E8FCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F8BC8D6278Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EAFD6 second address: 6EAFDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EAFDB second address: 6EB01B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BC8D62799h 0x00000007 jmp 00007F8BC8D62793h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 push eax 0x00000016 js 00007F8BC8D62786h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 44D8D5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 44D9D8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5F4950 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 68DDEF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4E00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5020000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4E00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044E065 rdtsc 0_2_0044E065
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 7560 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00629EAE GetSystemInfo,VirtualAlloc, 0_2_00629EAE
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: file.exe, file.exe, 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044E065 rdtsc 0_2_0044E065
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044B970 LdrInitializeThunk, 0_2_0044B970
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, file.exe, 00000000.00000002.1826186526.00000000005D6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00621E61 GetSystemTime,GetFileTime, 0_2_00621E61

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos