Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1538070
MD5: c27a2049b3b3c97986bd95f69767517e
SHA1: 5c673ff7844b8910350a0a0fc8af4a72567bf920
SHA256: 2bbecad407861c7e10bcc881080de51884addf0affd36858b44a320ff793cdaf
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (STR)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0022E196 CryptVerifySignatureA, 0_2_0022E196
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1807242566.0000000000042000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1674344786.00000000048C0000.00000004.00001000.00020000.00000000.sdmp

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000C6D1E 0_2_000C6D1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001B0D32 0_2_001B0D32
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00082D3A 0_2_00082D3A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0011ED53 0_2_0011ED53
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00154D59 0_2_00154D59
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00182D49 0_2_00182D49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00056D6F 0_2_00056D6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0005ED6E 0_2_0005ED6E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000E4D60 0_2_000E4D60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00096D7C 0_2_00096D7C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00124D64 0_2_00124D64
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00194D99 0_2_00194D99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00088D8B 0_2_00088D8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00090D8A 0_2_00090D8A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00152D93 0_2_00152D93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00086D81 0_2_00086D81
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0012AD99 0_2_0012AD99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000E0D80 0_2_000E0D80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00110D82 0_2_00110D82
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00102D84 0_2_00102D84
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000D8DBE 0_2_000D8DBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0006CDB0 0_2_0006CDB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001A8DCF 0_2_001A8DCF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0014ADC9 0_2_0014ADC9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00134DF3 0_2_00134DF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000BEDED 0_2_000BEDED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00188DF0 0_2_00188DF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0016ADFF 0_2_0016ADFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000A0E0E 0_2_000A0E0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0014CE13 0_2_0014CE13
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000D0E11 0_2_000D0E11
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001B2E3F 0_2_001B2E3F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000EEE28 0_2_000EEE28
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00100E3B 0_2_00100E3B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0008AE3C 0_2_0008AE3C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00074E4D 0_2_00074E4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00068E5F 0_2_00068E5F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00080E6B 0_2_00080E6B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00058E6C 0_2_00058E6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000DAE62 0_2_000DAE62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00120E63 0_2_00120E63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00132E62 0_2_00132E62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00138E60 0_2_00138E60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0015AE63 0_2_0015AE63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00160E6F 0_2_00160E6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00078E9C 0_2_00078E9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00162E89 0_2_00162E89
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000B8EAA 0_2_000B8EAA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001ACEB9 0_2_001ACEB9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0009CEA1 0_2_0009CEA1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00118EA0 0_2_00118EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00172EAE 0_2_00172EAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00150ED7 0_2_00150ED7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000E2EDF 0_2_000E2EDF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000F6EDD 0_2_000F6EDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000A8ED0 0_2_000A8ED0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00136EF6 0_2_00136EF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00156EF3 0_2_00156EF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001A6EF2 0_2_001A6EF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0009AEFC 0_2_0009AEFC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001A0F14 0_2_001A0F14
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001CCF0D 0_2_001CCF0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0005CF10 0_2_0005CF10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000C4F19 0_2_000C4F19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00198F0E 0_2_00198F0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000CEF16 0_2_000CEF16
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0013EF0E 0_2_0013EF0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0007CF2E 0_2_0007CF2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001C0F2E 0_2_001C0F2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000BEF48 0_2_000BEF48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000A2F45 0_2_000A2F45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00186F4F 0_2_00186F4F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000DEF50 0_2_000DEF50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00128F73 0_2_00128F73
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00092F65 0_2_00092F65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0017CF94 0_2_0017CF94
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00094F98 0_2_00094F98
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000C8F96 0_2_000C8F96
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000CCF92 0_2_000CCF92
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00142F8B 0_2_00142F8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000E8FAF 0_2_000E8FAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00192FB7 0_2_00192FB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0005AFB4 0_2_0005AFB4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0008EFBA 0_2_0008EFBA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00104FA5 0_2_00104FA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00114FA9 0_2_00114FA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000BCFB6 0_2_000BCFB6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00122FDA 0_2_00122FDA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00098FC0 0_2_00098FC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001B6FD1 0_2_001B6FD1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000C2FD1 0_2_000C2FD1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000ACFF9 0_2_000ACFF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0012CFE1 0_2_0012CFE1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00130FE0 0_2_00130FE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00074FFC 0_2_00074FFC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001AAFE6 0_2_001AAFE6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000FF00F 0_2_000FF00F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000FD00A 0_2_000FD00A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000CB004 0_2_000CB004
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0007F017 0_2_0007F017
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00179009 0_2_00179009
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00063026 0_2_00063026
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00177031 0_2_00177031
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0007B02F 0_2_0007B02F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00071037 0_2_00071037
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_000FB05F 0_2_000FB05F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001B9043 0_2_001B9043
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0014F04A 0_2_0014F04A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0014707E 0_2_0014707E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0006F081 0_2_0006F081
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0022918B appears 35 times
Source: file.exe, 00000000.00000000.1666954748.0000000000046000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.1808009670.0000000000BCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: cvvysqud ZLIB complexity 0.9949089158767772
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1753600 > 1048576
Source: file.exe Static PE information: Raw size of cvvysqud is bigger than: 0x100000 < 0x1a6000
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1807242566.0000000000042000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1674344786.00000000048C0000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.40000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cvvysqud:EW;thfnmwko:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1afdab should be: 0x1b3c54
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: cvvysqud
Source: file.exe Static PE information: section name: thfnmwko
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.793465299011401
Source: file.exe Static PE information: section name: cvvysqud entropy: 7.954211538336001

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F46A0 second address: 1F46A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F47F1 second address: 1F47F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F47F7 second address: 1F47FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1E8808 second address: 1E880C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1E880C second address: 1E8819 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F01D8DC29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1E8819 second address: 1E881F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F4A83 second address: 1F4ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F01D8DC29E7h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e jmp 00007F01D8DC29DEh 0x00000013 jnl 00007F01D8DC29D8h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F4ABF second address: 1F4AC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F4AC3 second address: 1F4AC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F73DD second address: 1F73E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1FAB02 second address: 1FAB06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1FAB06 second address: 1FAB0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1FAB0A second address: 1FAB20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jnp 00007F01D8DC29D6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1FBFE2 second address: 1FBFE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1C25DC second address: 1C25EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8DC29DAh 0x00000009 popad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 200904 second address: 20090A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20090A second address: 20090E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20090E second address: 200914 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 200914 second address: 200930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F01D8DC29E3h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 200930 second address: 20094D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F01D8BCA1C6h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 200E3C second address: 200E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jno 00007F01D8DC29E2h 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F01D8DC29D6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20101F second address: 20104F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F01D8BCA1BBh 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b jg 00007F01D8BCA1C9h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F01D8BCA1C1h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push ecx 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2043BC second address: 2043C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2043C1 second address: 2043DB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F01D8BCA1C1h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 204545 second address: 204549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 204549 second address: 204568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b jmp 00007F01D8BCA1C3h 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2049B6 second address: 2049BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20519F second address: 2051A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20537E second address: 205382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 205382 second address: 20538D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2054A5 second address: 2054B3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F01D8DC29D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2054B3 second address: 2054ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F01D8BCA1B8h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 stc 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push edx 0x00000028 pop edx 0x00000029 jno 00007F01D8BCA1B6h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2063F1 second address: 2063F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 207F09 second address: 207F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 207F0D second address: 207F13 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 207F13 second address: 207F91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8BCA1C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+122D3657h], ebx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F01D8BCA1B8h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c mov dword ptr [ebp+122D231Dh], edi 0x00000032 mov edi, dword ptr [ebp+122D270Ch] 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edi 0x0000003d call 00007F01D8BCA1B8h 0x00000042 pop edi 0x00000043 mov dword ptr [esp+04h], edi 0x00000047 add dword ptr [esp+04h], 0000001Ch 0x0000004f inc edi 0x00000050 push edi 0x00000051 ret 0x00000052 pop edi 0x00000053 ret 0x00000054 movzx esi, di 0x00000057 push eax 0x00000058 pushad 0x00000059 jo 00007F01D8BCA1B8h 0x0000005f pushad 0x00000060 popad 0x00000061 push ebx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 208AE4 second address: 208AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1C40C9 second address: 1C40F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F01D8BCA1BCh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jo 00007F01D8BCA1B6h 0x00000013 jmp 00007F01D8BCA1C0h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1C40F7 second address: 1C40FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2092A0 second address: 2092A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20D03C second address: 20D046 instructions: 0x00000000 rdtsc 0x00000002 js 00007F01D8DC29EDh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20D046 second address: 20D085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8BCA1C1h 0x00000009 jmp 00007F01D8BCA1C9h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F01D8BCA1B6h 0x00000019 jnl 00007F01D8BCA1B6h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1BD481 second address: 1BD485 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1BD485 second address: 1BD49D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jnp 00007F01D8BCA1B6h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F01D8BCA1B6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20B2C6 second address: 20B2CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20BDA9 second address: 20BDB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 20BDB4 second address: 20BDC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007F01D8DC29DCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21045F second address: 210466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 210466 second address: 210471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F01D8DC29D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 210471 second address: 2104D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F01D8BCA1C0h 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 pop edi 0x00000012 popad 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F01D8BCA1B8h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e or dword ptr [ebp+12480F44h], eax 0x00000034 push 00000000h 0x00000036 and di, E6FAh 0x0000003b push 00000000h 0x0000003d jno 00007F01D8BCA1BAh 0x00000043 mov dword ptr [ebp+1245B4A4h], edi 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d pushad 0x0000004e popad 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2104D6 second address: 2104DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2104DB second address: 2104E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21146A second address: 211474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F01D8DC29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 211474 second address: 2114D1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F01D8BCA1B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e pushad 0x0000000f je 00007F01D8BCA1B6h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 pop esi 0x00000019 nop 0x0000001a ja 00007F01D8BCA1BAh 0x00000020 push 00000000h 0x00000022 sub dword ptr [ebp+122D1B71h], edi 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007F01D8BCA1B8h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 mov edi, dword ptr [ebp+122D391Dh] 0x0000004a xchg eax, esi 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e push ecx 0x0000004f pop ecx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2114D1 second address: 2114F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8DC29DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F01D8DC29E3h 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2114F9 second address: 2114FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2114FD second address: 211501 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 212636 second address: 21263D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21263D second address: 2126AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F01D8DC29D8h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000016h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 jmp 00007F01D8DC29E4h 0x00000027 push 00000000h 0x00000029 pushad 0x0000002a jmp 00007F01D8DC29DAh 0x0000002f jmp 00007F01D8DC29E7h 0x00000034 popad 0x00000035 push 00000000h 0x00000037 mov ebx, dword ptr [ebp+122D3566h] 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2126AB second address: 2126AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 211767 second address: 21176B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2126AF second address: 2126B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21176B second address: 21177B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8DC29DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21367D second address: 213690 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8BCA1BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 213690 second address: 2136F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 je 00007F01D8DC29D6h 0x0000000c jmp 00007F01D8DC29DFh 0x00000011 popad 0x00000012 popad 0x00000013 nop 0x00000014 or edi, 4AD3FA72h 0x0000001a mov edi, dword ptr [ebp+122D388Dh] 0x00000020 push 00000000h 0x00000022 mov dword ptr [ebp+122D1C4Bh], edx 0x00000028 push 00000000h 0x0000002a pushad 0x0000002b jmp 00007F01D8DC29E8h 0x00000030 popad 0x00000031 xchg eax, esi 0x00000032 pushad 0x00000033 push esi 0x00000034 jmp 00007F01D8DC29DCh 0x00000039 pop esi 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2136F1 second address: 2136F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 215661 second address: 215665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 215665 second address: 21566F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F01D8BCA1B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21566F second address: 215675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 215675 second address: 215679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 215679 second address: 2156E8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F01D8DC29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F01D8DC29DAh 0x00000012 nop 0x00000013 movzx edi, cx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F01D8DC29D8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 jmp 00007F01D8DC29DCh 0x00000037 call 00007F01D8DC29DBh 0x0000003c mov edi, 19450BACh 0x00000041 pop ebx 0x00000042 push 00000000h 0x00000044 push ebx 0x00000045 mov ebx, dword ptr [ebp+122D383Dh] 0x0000004b pop edi 0x0000004c xchg eax, esi 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 push ebx 0x00000051 pop ebx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2156E8 second address: 2156EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2167B6 second address: 2167CD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnc 00007F01D8DC29D6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F01D8DC29D8h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 215849 second address: 21584D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21584D second address: 21586E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jnl 00007F01D8DC29DCh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F01D8DC29DAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21586E second address: 215872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 216972 second address: 216978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 216978 second address: 21697C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2188EA second address: 218909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007F01D8DC29E2h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21A8EC second address: 21A908 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8BCA1BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b je 00007F01D8BCA1C0h 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21C8B9 second address: 21C8BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21C8BE second address: 21C91F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F01D8BCA1C4h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F01D8BCA1B8h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 push edi 0x00000029 pushad 0x0000002a mov ecx, 31BA1F8Fh 0x0000002f cmc 0x00000030 popad 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 mov bx, si 0x00000037 push 00000000h 0x00000039 mov edi, dword ptr [ebp+122D34F3h] 0x0000003f xchg eax, esi 0x00000040 push eax 0x00000041 push edx 0x00000042 jne 00007F01D8BCA1B8h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21C91F second address: 21C94E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F01D8DC29E7h 0x00000008 jmp 00007F01D8DC29E1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 jmp 00007F01D8DC29DEh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 21AB26 second address: 21AB30 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F01D8BCA1B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2653FA second address: 26541E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8DC29E3h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F01D8DC29D6h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26541E second address: 265422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 265422 second address: 265428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 265428 second address: 26543F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F01D8BCA1C1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26543F second address: 265445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 265445 second address: 26544F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F01D8BCA1B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 268968 second address: 268978 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnl 00007F01D8DC29D6h 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 268978 second address: 26897D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26897D second address: 268983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 268983 second address: 26898B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26898B second address: 2689B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F01D8DC29E6h 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pop ecx 0x00000016 push esi 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2689B8 second address: 2689BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2689BE second address: 2689C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 268B4F second address: 268B6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F01D8BCA1C8h 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C2A5 second address: 26C2DE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F01D8DC29EFh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F01D8DC29E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C2DE second address: 26C2E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C2E4 second address: 26C304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F01D8DC29E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C5CC second address: 26C5D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C5D2 second address: 26C5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C5D8 second address: 26C5FD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jne 00007F01D8BCA1B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F01D8BCA1B8h 0x0000001a push esi 0x0000001b pop esi 0x0000001c push ebx 0x0000001d jbe 00007F01D8BCA1B6h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C5FD second address: 26C602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C602 second address: 26C60F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F01D8BCA1B8h 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C74E second address: 26C75F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F01D8DC29D6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop esi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 272FA4 second address: 272FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 272FA8 second address: 272FAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 273D20 second address: 273D27 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 273FB8 second address: 273FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 273FBC second address: 273FC6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F01D8BCA1B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 274870 second address: 27489D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F01D8DC29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F01D8DC29E2h 0x0000000f popad 0x00000010 push ebx 0x00000011 push ecx 0x00000012 jmp 00007F01D8DC29DCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27E145 second address: 27E155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jc 00007F01D8BCA1B8h 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1C92FC second address: 1C9302 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1C9302 second address: 1C9313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8BCA1BAh 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27D664 second address: 27D669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27D669 second address: 27D66F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1C92DF second address: 1C92E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1C92E5 second address: 1C92FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F01D8BCA1BFh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27DC83 second address: 27DCA7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F01D8DC29EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27DCA7 second address: 27DCAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27DCAD second address: 27DCF9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F01D8DC29D6h 0x00000008 jg 00007F01D8DC29D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 jmp 00007F01D8DC29DAh 0x00000019 jmp 00007F01D8DC29DEh 0x0000001e push edi 0x0000001f pop edi 0x00000020 jmp 00007F01D8DC29E1h 0x00000025 popad 0x00000026 pushad 0x00000027 push ecx 0x00000028 pop ecx 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e push esi 0x0000002f pop esi 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27DCF9 second address: 27DD03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27DD03 second address: 27DD07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 27DD07 second address: 27DD0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2858CD second address: 2858E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F01D8DC29DEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 283A47 second address: 283A4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 28405A second address: 28406F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F01D8DC29E0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 28406F second address: 28409F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F01D8BCA1C6h 0x0000000e jmp 00007F01D8BCA1C1h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 28492B second address: 284938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F01D8DC29D6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 284938 second address: 28493E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 285752 second address: 285756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 285756 second address: 285760 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F01D8BCA1B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 285760 second address: 285779 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F01D8DC29E1h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 28DE6D second address: 28DE7D instructions: 0x00000000 rdtsc 0x00000002 je 00007F01D8BCA1B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 28E13E second address: 28E142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 290845 second address: 290849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 29B6E0 second address: 29B6E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 29B6E9 second address: 29B6EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 29B6EF second address: 29B6F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 29B6F4 second address: 29B70B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F01D8BCA1BEh 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 29FB51 second address: 29FB66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F01D8DC29E0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A1FEC second address: 2A1FF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A8507 second address: 2A850B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A7293 second address: 2A72C5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F01D8BCA1DDh 0x00000008 jmp 00007F01D8BCA1C6h 0x0000000d jmp 00007F01D8BCA1C1h 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B10A9 second address: 2B10B3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F01D8DC29D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B10B3 second address: 2B10B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B10B9 second address: 2B10BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B10BD second address: 2B10D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F01D8BCA1B6h 0x0000000e jne 00007F01D8BCA1B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B10D1 second address: 2B10D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B6AB7 second address: 2B6AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8BCA1C8h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B6AD9 second address: 2B6AE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F01D8DC29D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B6AE3 second address: 2B6B06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8BCA1BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F01D8BCA1BEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7247 second address: 2B724B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B724B second address: 2B7255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2BC040 second address: 2BC05D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F01D8DC29D6h 0x00000009 jmp 00007F01D8DC29E0h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2BC170 second address: 2BC17A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2BC17A second address: 2BC17E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2BDB6C second address: 2BDB72 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2BDB72 second address: 2BDB83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F01D8DC29D6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2BDB83 second address: 2BDB9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F01D8BCA1C3h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2D4898 second address: 2D48A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2D69D7 second address: 2D69DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2D65D4 second address: 2D660F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8DC29E3h 0x00000009 jl 00007F01D8DC29D6h 0x0000000f jmp 00007F01D8DC29E1h 0x00000014 popad 0x00000015 jns 00007F01D8DC29D8h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2D660F second address: 2D6615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DEEBA second address: 2DEEF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8DC29E7h 0x00000009 jmp 00007F01D8DC29E7h 0x0000000e popad 0x0000000f pushad 0x00000010 jno 00007F01D8DC29D6h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF30F second address: 2DF31B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F01D8BCA1B6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF31B second address: 2DF350 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F01D8DC29D6h 0x00000008 jmp 00007F01D8DC29DFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 jmp 00007F01D8DC29E8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF350 second address: 2DF354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF47A second address: 2DF47E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF47E second address: 2DF4A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8BCA1BEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F01D8BCA1C3h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF4A9 second address: 2DF4AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF647 second address: 2DF671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F01D8BCA1BFh 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F01D8BCA1BDh 0x00000010 jnp 00007F01D8BCA1B6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF671 second address: 2DF681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jc 00007F01D8DC29E2h 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2DF972 second address: 2DF97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E6D80 second address: 2E6D84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E96C1 second address: 2E96D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F01D8BCA1BBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E2ACB second address: 2E2AD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E2C32 second address: 2E2C36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E3D45 second address: 2E3D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E3D4B second address: 2E3D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F01D8BCA1C7h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4DB81 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4DAE7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 29284F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 525B2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 49B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4E70000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4BD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0004E06E rdtsc 0_2_0004E06E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_001BC921 str word ptr [esi] 0_2_001BC921
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 2344 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00232CD5 GetSystemInfo,VirtualAlloc, 0_2_00232CD5
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: file.exe, file.exe, 00000000.00000002.1807268516.00000000001DC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1807268516.00000000001DC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0004E06E rdtsc 0_2_0004E06E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0004B98C LdrInitializeThunk,GetPriorityClass,RegOpenKeyA,CreateFileA,Sleep, 0_2_0004B98C
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, file.exe, 00000000.00000002.1807268516.00000000001DC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: chProgram Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0022D2D8 GetSystemTime,GetFileTime, 0_2_0022D2D8

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos