Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561630
MD5: f2742a9288b543dfd082fe555fc135e7
SHA1: 3324370e94527fcf80ef571f9c1819d59b0b2f23
SHA256: dace3504559fca2ba342fa83836e916775514060f4772cdeb263b91906a23d46
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00723FBF CryptVerifySignatureA, 0_2_00723FBF
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2161011666.0000000004920000.00000004.00001000.00020000.00000000.sdmp
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: tse1.mm.bing.net

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 0_2_006CC073
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC093 0_2_006CC093
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CF939 0_2_006CF939
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E8274 0_2_006E8274
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AE202 0_2_007AE202
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CFAF3 0_2_006CFAF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D9A99 0_2_006D9A99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054DB99 0_2_0054DB99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D8EA4 0_2_006D8EA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007A6FED 0_2_007A6FED
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0071EFB4 appears 35 times
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.2294103991.0000000000546000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2295387462.0000000000C5E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: classification engine Classification label: mal100.evad.winEXE@1/1@1/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log Jump to behavior
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: file.exe Static file information: File size 2832384 > 1048576
Source: file.exe Static PE information: Raw size of rqwfzwob is bigger than: 0x100000 < 0x2ad800
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.2294079019.0000000000542000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2161011666.0000000004920000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.540000.0.unpack :EW;.rsrc:W;.idata :W;rqwfzwob:EW;llcfprjm:EW;.taggant:EW; vs :ER;.rsrc:W;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x2bda1a should be: 0x2b81d6
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name: rqwfzwob
Source: file.exe Static PE information: section name: llcfprjm
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CF21A push 4A40CF9Bh; mov dword ptr [esp], edx 0_2_006CF268
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CF21A push 7A48A33Fh; mov dword ptr [esp], ebp 0_2_006CF34D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CF21A push 0490BDEDh; mov dword ptr [esp], esp 0_2_006CF3B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054EC4A push ebp; mov dword ptr [esp], eax 0_2_0054F1DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054EC4A push ebp; mov dword ptr [esp], 773F8470h 0_2_0054F204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D1F82 push ebx; ret 0_2_006D1FB4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0068 push edi; mov dword ptr [esp], 3FBE1A1Dh 0_2_006D0071
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0068 push edx; mov dword ptr [esp], ecx 0_2_006D009C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0068 push 0A67CC91h; mov dword ptr [esp], ebx 0_2_006D0103
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0068 push 78E073C4h; mov dword ptr [esp], esi 0_2_006D013C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0063 push edi; mov dword ptr [esp], 3FBE1A1Dh 0_2_006D0071
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0063 push edx; mov dword ptr [esp], ecx 0_2_006D009C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0063 push 0A67CC91h; mov dword ptr [esp], ebx 0_2_006D0103
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D0063 push 78E073C4h; mov dword ptr [esp], esi 0_2_006D013C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D2079 push edx; ret 0_2_006D20E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push eax; mov dword ptr [esp], ebp 0_2_006CC077
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push edi; mov dword ptr [esp], ecx 0_2_006CC088
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push 5309B5D1h; mov dword ptr [esp], esi 0_2_006CC11F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push esi; mov dword ptr [esp], edx 0_2_006CC138
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push esi; mov dword ptr [esp], esp 0_2_006CC177
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push 5A27E7F7h; mov dword ptr [esp], edi 0_2_006CC195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push esi; mov dword ptr [esp], 7B61DAB0h 0_2_006CC1ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push ecx; mov dword ptr [esp], 7CF5A24Dh 0_2_006CC230
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push 1FF74FC2h; mov dword ptr [esp], esi 0_2_006CC26D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006CC073 push ebx; mov dword ptr [esp], 74DDC457h 0_2_006CC2D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CA849 push 63CD95C1h; mov dword ptr [esp], esi 0_2_007CA854
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CA849 push eax; mov dword ptr [esp], ecx 0_2_007CA868
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CA849 push 7B0C8904h; mov dword ptr [esp], edx 0_2_007CA9BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CA849 push 40458D5Bh; mov dword ptr [esp], eax 0_2_007CAA4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054F06F push edx; mov dword ptr [esp], eax 0_2_0054F098
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D782E push edx; mov dword ptr [esp], 7715CE67h 0_2_006D7EE1
Source: file.exe Static PE information: section name: entropy: 7.796841578474847

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54E278 second address: 54E282 instructions: 0x00000000 rdtsc 0x00000002 ja 00007EFE90E7CF76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54DADB second address: 54DAE7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C3C54 second address: 6C3C63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C3C63 second address: 6C3C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C3C69 second address: 6C3C80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CF947 second address: 6CF985 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007EFE9128755Ah 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 popad 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007EFE91287563h 0x0000001e jno 00007EFE91287556h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CF985 second address: 6CF98E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CF98E second address: 6CF9AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE91287568h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CF9AC second address: 6CF9B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D1E3B second address: 6D1E71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007EFE9128755Bh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push ecx 0x00000012 pushad 0x00000013 jp 00007EFE91287556h 0x00000019 push edi 0x0000001a pop edi 0x0000001b popad 0x0000001c pop ecx 0x0000001d mov eax, dword ptr [eax] 0x0000001f push esi 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push esi 0x00000024 pop esi 0x00000025 popad 0x00000026 pop esi 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b push edi 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D1E71 second address: 6D1E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D1FC9 second address: 6D1FDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007EFE91287558h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2067 second address: 6D206B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D206B second address: 6D2071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2071 second address: 6D2113 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 7EBFDBB1h 0x00000012 push esi 0x00000013 add dword ptr [ebp+122D3978h], eax 0x00000019 pop ecx 0x0000001a push 00000003h 0x0000001c cmc 0x0000001d push 00000000h 0x0000001f xor dx, 048Bh 0x00000024 push 00000003h 0x00000026 mov dword ptr [ebp+122D1CCBh], edx 0x0000002c push BB6A7200h 0x00000031 jmp 00007EFE90E7CF82h 0x00000036 xor dword ptr [esp], 7B6A7200h 0x0000003d push 00000000h 0x0000003f push edx 0x00000040 call 00007EFE90E7CF78h 0x00000045 pop edx 0x00000046 mov dword ptr [esp+04h], edx 0x0000004a add dword ptr [esp+04h], 00000017h 0x00000052 inc edx 0x00000053 push edx 0x00000054 ret 0x00000055 pop edx 0x00000056 ret 0x00000057 sub dword ptr [ebp+124543E3h], esi 0x0000005d lea ebx, dword ptr [ebp+12457D8Ah] 0x00000063 xor dh, FFFFFFA4h 0x00000066 xchg eax, ebx 0x00000067 pushad 0x00000068 push esi 0x00000069 jmp 00007EFE90E7CF7Ch 0x0000006e pop esi 0x0000006f jo 00007EFE90E7CF7Ch 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2290 second address: 6D2294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2294 second address: 6D2298 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2298 second address: 6D22A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 je 00007EFE9128755Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D22A9 second address: 6D22BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007EFE90E7CF78h 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D22BE second address: 6D22D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jne 00007EFE91287556h 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D22D6 second address: 6D22DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D22DA second address: 6D22E4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D22E4 second address: 6D22E9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D22E9 second address: 6D2300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jnl 00007EFE91287556h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D2300 second address: 6D232D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push ecx 0x0000000b sub dword ptr [ebp+122D1DCEh], ebx 0x00000011 pop esi 0x00000012 lea ebx, dword ptr [ebp+12457D95h] 0x00000018 push eax 0x00000019 jg 00007EFE90E7CF84h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C5841 second address: 6C584B instructions: 0x00000000 rdtsc 0x00000002 jl 00007EFE91287556h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C584B second address: 6C5854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F1B1C second address: 6F1B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007EFE91287556h 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007EFE91287561h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F1C5C second address: 6F1C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007EFE90E7CF81h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F1C74 second address: 6F1C90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE91287568h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F1C90 second address: 6F1C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F2600 second address: 6F2606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F2606 second address: 6F260A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F2943 second address: 6F294D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007EFE91287556h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F2C4F second address: 6F2C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007EFE90E7CF7Bh 0x00000011 popad 0x00000012 jmp 00007EFE90E7CF7Fh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E68C5 second address: 6E68E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE91287564h 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E68E1 second address: 6E68F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 pop eax 0x0000000a jng 00007EFE90E7CF76h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CAABA second address: 6CAACE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 je 00007EFE91287556h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CAACE second address: 6CAAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6CAAD4 second address: 6CAAD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F334B second address: 6F33AB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007EFE90E7CF76h 0x00000009 jmp 00007EFE90E7CF89h 0x0000000e pop ecx 0x0000000f jmp 00007EFE90E7CF84h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jnp 00007EFE90E7CF95h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F3653 second address: 6F3659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F3659 second address: 6F3692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF88h 0x00000007 jmp 00007EFE90E7CF85h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jl 00007EFE90E7CF7Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F3A71 second address: 6F3AAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Fh 0x00000007 jnp 00007EFE91287556h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007EFE91287561h 0x00000014 pushad 0x00000015 jmp 00007EFE9128755Ch 0x0000001a push edi 0x0000001b pop edi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6F3AAC second address: 6F3ABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007EFE90E7CF76h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FA98A second address: 6FA9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007EFE91287569h 0x0000000a popad 0x0000000b pushad 0x0000000c push ebx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop ebx 0x00000012 jmp 00007EFE91287561h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007EFE9128755Dh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FEDA8 second address: 6FEDB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 push esi 0x00000009 pop esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE4B5 second address: 6FE4CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007EFE91287556h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE609 second address: 6FE60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE60F second address: 6FE614 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE614 second address: 6FE624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007EFE90E7CF76h 0x0000000a jnp 00007EFE90E7CF76h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE624 second address: 6FE628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE8EC second address: 6FE909 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007EFE90E7CF87h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE909 second address: 6FE93A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE91287566h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007EFE91287582h 0x0000000f jmp 00007EFE9128755Eh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FE93A second address: 6FE946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007EFE90E7CF76h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FEAAB second address: 6FEAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7014AB second address: 7014B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7014B1 second address: 7014B6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 701B8B second address: 701B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 701B8F second address: 701B93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 701B93 second address: 701BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 702010 second address: 702016 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70464E second address: 7046B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 nop 0x00000011 movzx edi, si 0x00000014 push 00000000h 0x00000016 jng 00007EFE90E7CF7Ch 0x0000001c sub dword ptr [ebp+122D2E66h], esi 0x00000022 mov edi, dword ptr [ebp+122D1CEEh] 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d call 00007EFE90E7CF78h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 add dword ptr [esp+04h], 00000017h 0x0000003f inc eax 0x00000040 push eax 0x00000041 ret 0x00000042 pop eax 0x00000043 ret 0x00000044 push eax 0x00000045 pushad 0x00000046 jp 00007EFE90E7CF7Ch 0x0000004c jbe 00007EFE90E7CF76h 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 703324 second address: 703328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 703328 second address: 70332E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70332E second address: 70334B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE91287569h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70514D second address: 7051D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007EFE90E7CF76h 0x0000000a popad 0x0000000b pop edx 0x0000000c nop 0x0000000d push esi 0x0000000e or si, DB21h 0x00000013 pop esi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007EFE90E7CF78h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov edi, 12345FDEh 0x00000035 mov esi, dword ptr [ebp+122D2CAFh] 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push eax 0x00000040 call 00007EFE90E7CF78h 0x00000045 pop eax 0x00000046 mov dword ptr [esp+04h], eax 0x0000004a add dword ptr [esp+04h], 00000014h 0x00000052 inc eax 0x00000053 push eax 0x00000054 ret 0x00000055 pop eax 0x00000056 ret 0x00000057 mov dword ptr [ebp+1247251Bh], eax 0x0000005d push eax 0x0000005e pushad 0x0000005f jno 00007EFE90E7CF81h 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007EFE90E7CF81h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70B55E second address: 70B564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70C607 second address: 70C662 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90E7CF78h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push edi 0x0000000f js 00007EFE90E7CF76h 0x00000015 pop edi 0x00000016 pop edi 0x00000017 nop 0x00000018 ja 00007EFE90E7CF79h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007EFE90E7CF78h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 0000001Ch 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a mov ebx, edx 0x0000003c push 00000000h 0x0000003e mov ebx, dword ptr [ebp+122D240Dh] 0x00000044 xchg eax, esi 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jnp 00007EFE90E7CF76h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70C662 second address: 70C67F instructions: 0x00000000 rdtsc 0x00000002 je 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e jo 00007EFE91287556h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jp 00007EFE91287556h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70D633 second address: 70D64B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90E7CF83h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70D64B second address: 70D664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jp 00007EFE9128755Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70D664 second address: 70D668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E6A7 second address: 70E721 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 jmp 00007EFE91287569h 0x00000015 popad 0x00000016 nop 0x00000017 jnc 00007EFE9128755Bh 0x0000001d push 00000000h 0x0000001f mov di, cx 0x00000022 push 00000000h 0x00000024 jmp 00007EFE91287569h 0x00000029 xchg eax, esi 0x0000002a push edx 0x0000002b push edi 0x0000002c jnp 00007EFE91287556h 0x00000032 pop edi 0x00000033 pop edx 0x00000034 push eax 0x00000035 jl 00007EFE91287562h 0x0000003b jo 00007EFE9128755Ch 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 706F95 second address: 706F9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70B7CC second address: 70B7DF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007EFE91287558h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70F7D1 second address: 70F7DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70C7F3 second address: 70C80F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007EFE91287556h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70D813 second address: 70D8A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D1D80h] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007EFE90E7CF78h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 mov edi, 6E724B28h 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d push 00000000h 0x0000003f push ecx 0x00000040 call 00007EFE90E7CF78h 0x00000045 pop ecx 0x00000046 mov dword ptr [esp+04h], ecx 0x0000004a add dword ptr [esp+04h], 00000016h 0x00000052 inc ecx 0x00000053 push ecx 0x00000054 ret 0x00000055 pop ecx 0x00000056 ret 0x00000057 pushad 0x00000058 mov dword ptr [ebp+12458665h], ebx 0x0000005e popad 0x0000005f mov eax, dword ptr [ebp+122D1009h] 0x00000065 mov ebx, dword ptr [ebp+122D1EC4h] 0x0000006b push FFFFFFFFh 0x0000006d jp 00007EFE90E7CF7Ch 0x00000073 mov edi, dword ptr [ebp+122D2B0Bh] 0x00000079 add ebx, 735D84A1h 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 push eax 0x00000083 push edx 0x00000084 pushad 0x00000085 popad 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E8C0 second address: 70E96C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007EFE91287558h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 push dword ptr fs:[00000000h] 0x0000002b mov edi, 16C2EA00h 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 jmp 00007EFE91287569h 0x0000003c mov eax, dword ptr [ebp+122D1011h] 0x00000042 mov dword ptr [ebp+122D1FA3h], esi 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push edi 0x0000004d call 00007EFE91287558h 0x00000052 pop edi 0x00000053 mov dword ptr [esp+04h], edi 0x00000057 add dword ptr [esp+04h], 00000019h 0x0000005f inc edi 0x00000060 push edi 0x00000061 ret 0x00000062 pop edi 0x00000063 ret 0x00000064 and bx, 34F2h 0x00000069 sbb bx, 53C9h 0x0000006e push eax 0x0000006f pushad 0x00000070 push ebx 0x00000071 jmp 00007EFE91287564h 0x00000076 pop ebx 0x00000077 push eax 0x00000078 push edx 0x00000079 push edx 0x0000007a pop edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70B7DF second address: 70B7E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70F7DA second address: 70F7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70C80F second address: 70C815 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70D8A5 second address: 70D8AF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70B7E5 second address: 70B7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70F7DE second address: 70F864 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov ebx, dword ptr [ebp+122D2CAFh] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007EFE91287558h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov edi, dword ptr [ebp+122D266Ch] 0x00000034 sub ebx, dword ptr [ebp+122D2CBFh] 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007EFE91287558h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 00000018h 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 mov edi, 1C74DF86h 0x0000005b xchg eax, esi 0x0000005c jmp 00007EFE9128755Eh 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007EFE9128755Bh 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70C815 second address: 70C81F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007EFE90E7CF76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70C90B second address: 70C90F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70F9F7 second address: 70FA77 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007EFE90E7CF78h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D1CBFh] 0x0000002a push dword ptr fs:[00000000h] 0x00000031 mov dword ptr [ebp+122D35CEh], eax 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e jno 00007EFE90E7CF78h 0x00000044 mov eax, dword ptr [ebp+122D05CDh] 0x0000004a mov ebx, eax 0x0000004c push FFFFFFFFh 0x0000004e push 00000000h 0x00000050 push ebx 0x00000051 call 00007EFE90E7CF78h 0x00000056 pop ebx 0x00000057 mov dword ptr [esp+04h], ebx 0x0000005b add dword ptr [esp+04h], 0000001Ch 0x00000063 inc ebx 0x00000064 push ebx 0x00000065 ret 0x00000066 pop ebx 0x00000067 ret 0x00000068 movzx ebx, ax 0x0000006b push eax 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f pushad 0x00000070 popad 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7116C8 second address: 7116CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7116CC second address: 7116E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007EFE90E7CF80h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7116E6 second address: 711730 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007EFE91287556h 0x00000009 jmp 00007EFE9128755Dh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 sub dword ptr [ebp+1245EAA5h], ecx 0x00000018 push 00000000h 0x0000001a mov edi, dword ptr [ebp+122D1D65h] 0x00000020 push 00000000h 0x00000022 adc ebx, 737FBE56h 0x00000028 xchg eax, esi 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007EFE91287567h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711730 second address: 711743 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 js 00007EFE90E7CF84h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711743 second address: 711747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 712652 second address: 71269F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007EFE90E7CF76h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007EFE90E7CF78h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 add di, 563Fh 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 or dword ptr [ebp+12469112h], ecx 0x00000038 xchg eax, esi 0x00000039 jo 00007EFE90E7CF88h 0x0000003f push eax 0x00000040 push edx 0x00000041 jp 00007EFE90E7CF76h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71269F second address: 7126A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7126A3 second address: 7126B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007EFE90E7CF76h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713685 second address: 713724 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE91287564h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007EFE9128755Ah 0x00000010 push eax 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop eax 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007EFE91287558h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f cmc 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007EFE91287558h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 0000001Bh 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c add dword ptr [ebp+122D39C0h], edx 0x00000052 push 00000000h 0x00000054 mov dword ptr [ebp+122D3961h], edi 0x0000005a sbb edi, 75DB714Fh 0x00000060 xchg eax, esi 0x00000061 je 00007EFE9128757Bh 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007EFE91287569h 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71284C second address: 712851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 712851 second address: 712858 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7146EB second address: 7146F9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007EFE90E7CF76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71291A second address: 712928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007EFE91287556h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7167BF second address: 716818 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007EFE90E7CF78h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 jmp 00007EFE90E7CF7Bh 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+122D1FADh], edx 0x00000030 push 00000000h 0x00000032 sub bx, A0A0h 0x00000037 xchg eax, esi 0x00000038 jnl 00007EFE90E7CF80h 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716818 second address: 71681C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71887C second address: 71888C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE90E7CF7Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71888C second address: 71890C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE91287565h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e movsx edi, dx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007EFE91287558h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D20E9h] 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007EFE91287558h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Bh 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f movzx edi, di 0x00000052 xchg eax, esi 0x00000053 pushad 0x00000054 jc 00007EFE9128755Ch 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71890C second address: 718921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 je 00007EFE90E7CF76h 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 718921 second address: 718925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7159E2 second address: 7159FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE90E7CF89h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719891 second address: 719896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719896 second address: 7198A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7198A3 second address: 7198A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713844 second address: 713848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713848 second address: 7138D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a pushad 0x0000000b push eax 0x0000000c mov eax, dword ptr [ebp+122D20E9h] 0x00000012 pop eax 0x00000013 or dword ptr [ebp+122D397Eh], esi 0x00000019 popad 0x0000001a push dword ptr fs:[00000000h] 0x00000021 jns 00007EFE9128755Ch 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e xor ebx, 672942BDh 0x00000034 mov eax, dword ptr [ebp+122D089Dh] 0x0000003a jmp 00007EFE91287564h 0x0000003f push FFFFFFFFh 0x00000041 push 00000000h 0x00000043 push ebx 0x00000044 call 00007EFE91287558h 0x00000049 pop ebx 0x0000004a mov dword ptr [esp+04h], ebx 0x0000004e add dword ptr [esp+04h], 0000001Dh 0x00000056 inc ebx 0x00000057 push ebx 0x00000058 ret 0x00000059 pop ebx 0x0000005a ret 0x0000005b mov di, B7F2h 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 jc 00007EFE91287558h 0x00000068 pushad 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7138D2 second address: 7138D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71A853 second address: 71A857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AA82 second address: 71AA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AA86 second address: 71AA8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AA8A second address: 71AA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71AA90 second address: 71AA95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728C54 second address: 728C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728C5A second address: 728C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728C5E second address: 728C66 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728C66 second address: 728C6B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728DAE second address: 728DB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728DB2 second address: 728DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728DB8 second address: 728DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728DC2 second address: 728DC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 728DC8 second address: 728DED instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFE90E7CF76h 0x00000008 jng 00007EFE90E7CF76h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 push ebx 0x00000012 jmp 00007EFE90E7CF7Fh 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73169D second address: 7316C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007EFE91287563h 0x0000000e jmp 00007EFE9128755Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA63 second address: 6BEA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA69 second address: 6BEA71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA71 second address: 6BEA77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BEA77 second address: 6BEA7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734AD2 second address: 734B03 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007EFE90E7CF86h 0x0000000c jmp 00007EFE90E7CF80h 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 jmp 00007EFE90E7CF7Fh 0x00000019 push ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734B03 second address: 734B2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a ja 00007EFE91287566h 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734B2A second address: 734B4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 734BCF second address: 734BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739A66 second address: 739A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007EFE90E7CF76h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f jng 00007EFE90E7CF76h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 738831 second address: 73884F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Dh 0x00000009 jmp 00007EFE9128755Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73884F second address: 73885D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007EFE90E7CF76h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 738E83 second address: 738EEC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFE91287556h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jp 00007EFE9128757Ch 0x00000012 jmp 00007EFE91287568h 0x00000017 push esi 0x00000018 jmp 00007EFE91287564h 0x0000001d pop esi 0x0000001e push esi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73905F second address: 739066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7391BA second address: 7391BF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 739602 second address: 739624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 ja 00007EFE90E7CFA6h 0x0000000c jnl 00007EFE90E7CF7Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007EFE90E7CF76h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7397B7 second address: 7397BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7397BB second address: 7397CA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnc 00007EFE90E7CF76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7397CA second address: 7397D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C2191 second address: 6C21A6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFE90E7CF76h 0x00000008 jmp 00007EFE90E7CF7Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C21A6 second address: 6C21B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007EFE91287556h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C21B2 second address: 6C21B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742141 second address: 742155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Fh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742155 second address: 74215D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74215D second address: 74219D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE9128755Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007EFE9128755Fh 0x00000013 je 00007EFE91287556h 0x00000019 jmp 00007EFE91287563h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74219D second address: 7421A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7422FF second address: 742303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742303 second address: 742317 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742317 second address: 74231B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74231B second address: 742337 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF88h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742337 second address: 74234D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFE9128755Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74289D second address: 7428A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742B23 second address: 742B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742B27 second address: 742B38 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFE90E7CF76h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742CB2 second address: 742CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jnp 00007EFE91287556h 0x0000000e pop edx 0x0000000f push ebx 0x00000010 push ebx 0x00000011 jc 00007EFE91287556h 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a js 00007EFE91287556h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6E74C5 second address: 6E74CB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 743238 second address: 743279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007EFE9128755Ah 0x0000000f pushad 0x00000010 jmp 00007EFE91287566h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007EFE91287561h 0x0000001c push edx 0x0000001d pop edx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749FE1 second address: 749FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749FE8 second address: 749FF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007EFE91287556h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 748A09 second address: 748A26 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFE90E7CF88h 0x00000008 jmp 00007EFE90E7CF80h 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74985F second address: 749864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7499DF second address: 7499F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D49 second address: 749D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Bh 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D61 second address: 749D67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D67 second address: 749D6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 749D6D second address: 749D71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D62A second address: 74D63A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jp 00007EFE91287556h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D63A second address: 74D656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007EFE90E7CF81h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D656 second address: 74D65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D65D second address: 74D662 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708291 second address: 70832F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE9128755Fh 0x00000009 popad 0x0000000a push esi 0x0000000b jmp 00007EFE9128755Ch 0x00000010 pop esi 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007EFE91287558h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f add edx, dword ptr [ebp+122D2A53h] 0x00000035 lea eax, dword ptr [ebp+1248E018h] 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007EFE91287558h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 nop 0x00000056 push eax 0x00000057 jmp 00007EFE91287561h 0x0000005c pop eax 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007EFE91287560h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70832F second address: 708335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708335 second address: 6E68C5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a xor edx, 40982A0Ah 0x00000010 mov dl, 21h 0x00000012 popad 0x00000013 call dword ptr [ebp+122D28AEh] 0x00000019 push edi 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7087BE second address: 7087C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708904 second address: 70890A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70890A second address: 54DADB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c adc edx, 58D91B08h 0x00000012 push dword ptr [ebp+122D0B69h] 0x00000018 mov dword ptr [ebp+122D24B2h], edx 0x0000001e call dword ptr [ebp+122D263Eh] 0x00000024 pushad 0x00000025 pushad 0x00000026 jmp 00007EFE90E7CF7Bh 0x0000002b pushad 0x0000002c mov edi, dword ptr [ebp+122D2A0Fh] 0x00000032 jnc 00007EFE90E7CF76h 0x00000038 popad 0x00000039 popad 0x0000003a xor eax, eax 0x0000003c pushad 0x0000003d jmp 00007EFE90E7CF7Bh 0x00000042 mov ecx, dword ptr [ebp+122D29F3h] 0x00000048 popad 0x00000049 mov dword ptr [ebp+122D274Fh], ebx 0x0000004f mov edx, dword ptr [esp+28h] 0x00000053 cmc 0x00000054 mov dword ptr [ebp+122D2CE7h], eax 0x0000005a sub dword ptr [ebp+122D274Fh], ecx 0x00000060 pushad 0x00000061 jmp 00007EFE90E7CF7Dh 0x00000066 jno 00007EFE90E7CF7Ch 0x0000006c popad 0x0000006d mov esi, 0000003Ch 0x00000072 xor dword ptr [ebp+122D1CF4h], eax 0x00000078 add esi, dword ptr [esp+24h] 0x0000007c mov dword ptr [ebp+122D1D5Fh], eax 0x00000082 lodsw 0x00000084 mov dword ptr [ebp+122D1D5Fh], edi 0x0000008a add eax, dword ptr [esp+24h] 0x0000008e mov dword ptr [ebp+122D1CF4h], ebx 0x00000094 mov ebx, dword ptr [esp+24h] 0x00000098 mov dword ptr [ebp+122D1CF4h], esi 0x0000009e nop 0x0000009f push esi 0x000000a0 push eax 0x000000a1 push edx 0x000000a2 jns 00007EFE90E7CF76h 0x000000a8 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D05 second address: 708D0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D0F second address: 708D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D13 second address: 708D17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D17 second address: 708D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708D24 second address: 708D28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 708E35 second address: 708E85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007EFE90E7CF87h 0x0000000d nop 0x0000000e mov cx, CF80h 0x00000012 push 00000004h 0x00000014 mov edi, dword ptr [ebp+122D2A53h] 0x0000001a call 00007EFE90E7CF88h 0x0000001f pop edx 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 jl 00007EFE90E7CF76h 0x0000002a pop eax 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7091D3 second address: 709234 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edi, dword ptr [ebp+122D59DEh] 0x0000000e jng 00007EFE91287568h 0x00000014 push 0000001Eh 0x00000016 mov edi, dword ptr [ebp+122D2EBFh] 0x0000001c nop 0x0000001d jo 00007EFE9128756Eh 0x00000023 push esi 0x00000024 jmp 00007EFE91287566h 0x00000029 pop esi 0x0000002a push eax 0x0000002b push edi 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007EFE91287560h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70958A second address: 70958E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70958E second address: 709594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 709594 second address: 6E74C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E7CF7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b pushad 0x0000000c jmp 00007EFE90E7CF85h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop esi 0x00000015 nop 0x00000016 mov edx, dword ptr [ebp+122D2B97h] 0x0000001c call dword ptr [ebp+122D209Fh] 0x00000022 push eax 0x00000023 push edx 0x00000024 jg 00007EFE90E7CF82h 0x0000002a push eax 0x0000002b push edx 0x0000002c jns 00007EFE90E7CF76h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD0A second address: 74DD0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD0E second address: 74DD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007EFE90E2C7C5h 0x0000000f ja 00007EFE90E2C7B8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD35 second address: 74DD3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74DD3B second address: 74DD3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E02F second address: 74E03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E2D5 second address: 74E2D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D30 second address: 751D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D36 second address: 751D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90E2C7BDh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D48 second address: 751D52 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90BCC49Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75504B second address: 755051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 755051 second address: 75506B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90BCC4A5h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75506B second address: 755098 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C3h 0x00000007 pushad 0x00000008 jmp 00007EFE90E2C7BFh 0x0000000d jl 00007EFE90E2C7B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7549AF second address: 7549BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007EFE90BCC496h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7549BC second address: 7549C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7549C1 second address: 7549C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754B59 second address: 754B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754B5F second address: 754B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754B63 second address: 754B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 754CD3 second address: 754D21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90BCC49Bh 0x00000008 push esi 0x00000009 pop esi 0x0000000a jc 00007EFE90BCC496h 0x00000010 popad 0x00000011 push esi 0x00000012 jnc 00007EFE90BCC496h 0x00000018 jmp 00007EFE90BCC49Fh 0x0000001d pop esi 0x0000001e pop edx 0x0000001f pop eax 0x00000020 pushad 0x00000021 push edi 0x00000022 jmp 00007EFE90BCC4A8h 0x00000027 pop edi 0x00000028 push esi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7574EC second address: 7574FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007EFE90E2C7BAh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7570B9 second address: 7570DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC49Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007EFE90BCC4A0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75C9FE second address: 75CA0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jns 00007EFE90E2C7B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75CA0A second address: 75CA32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007EFE90BCC4A1h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75CBAF second address: 75CBB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B01 second address: 760B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B07 second address: 760B0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B0B second address: 760B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B1D second address: 760B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B21 second address: 760B25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 760B25 second address: 760B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E0B second address: 765E35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A5h 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007EFE90BCC496h 0x0000000f jmp 00007EFE90BCC49Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E35 second address: 765E3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E3B second address: 765E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 je 00007EFE90BCC49Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765F88 second address: 765F94 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007EFE90E2C7B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765F94 second address: 765F9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 709068 second address: 70906D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70906D second address: 70907E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90BCC49Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D73 second address: 766D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007EFE90E2C7B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D7D second address: 766D81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D81 second address: 766D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007EFE90E2C7B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 766D91 second address: 766D95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA0A second address: 76DA0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA0E second address: 76DA18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA18 second address: 76DA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DA1C second address: 76DA2B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007EFE90BCC496h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DCB5 second address: 76DCD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90E2C7BBh 0x00000009 popad 0x0000000a jmp 00007EFE90E2C7BAh 0x0000000f js 00007EFE90E2C7BCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76DCD7 second address: 76DD07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007EFE90BCC4A9h 0x0000000c jmp 00007EFE90BCC4A0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76E24A second address: 76E268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76E547 second address: 76E566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007EFE90BCC49Fh 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76E566 second address: 76E582 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90E2C7B6h 0x00000008 jmp 00007EFE90E2C7BAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jg 00007EFE90E2C7B8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76EA95 second address: 76EACD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007EFE90BCC498h 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 popad 0x00000014 pushad 0x00000015 push ebx 0x00000016 push edx 0x00000017 pop edx 0x00000018 push edi 0x00000019 pop edi 0x0000001a pop ebx 0x0000001b pushad 0x0000001c je 00007EFE90BCC496h 0x00000022 jnp 00007EFE90BCC496h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76EACD second address: 76EAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007EFE90E2C7C9h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77B187 second address: 77B1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90BCC4A8h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77B1A4 second address: 77B1B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007EFE90E2C7B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77B1B0 second address: 77B1B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A6AB second address: 77A6B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007EFE90E2C7C6h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A6B9 second address: 77A6BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A803 second address: 77A807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A807 second address: 77A83D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jng 00007EFE90BCC496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jnc 00007EFE90BCC496h 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007EFE90BCC4A9h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A83D second address: 77A841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A841 second address: 77A847 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A847 second address: 77A84F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A84F second address: 77A853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77AC3F second address: 77AC44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77AC44 second address: 77AC5C instructions: 0x00000000 rdtsc 0x00000002 je 00007EFE90BCC4A2h 0x00000008 je 00007EFE90BCC496h 0x0000000e jnc 00007EFE90BCC496h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77AC5C second address: 77AC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77DC2A second address: 77DC2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77DC2E second address: 77DC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 785D15 second address: 785D44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007EFE90BCC496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007EFE90BCC4A6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007EFE90BCC49Eh 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d jnp 00007EFE90BCC496h 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 pop eax 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78432B second address: 784331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784331 second address: 78434E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 js 00007EFE90BCC49Eh 0x0000000f js 00007EFE90BCC496h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a pop eax 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78434E second address: 784388 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007EFE90E2C7D0h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7848FA second address: 784904 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFE90BCC496h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784A4E second address: 784A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784A54 second address: 784A62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 jc 00007EFE90BCC496h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784A62 second address: 784A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jg 00007EFE90E2C7BEh 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784BF5 second address: 784C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pushad 0x0000000a jnc 00007EFE90BCC498h 0x00000010 jmp 00007EFE90BCC49Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 jns 00007EFE90BCC496h 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784C1C second address: 784C39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 784C39 second address: 784C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90BCC4A7h 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 785B9D second address: 785BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 783B36 second address: 783B48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007EFE90BCC49Eh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 783B48 second address: 783B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 798936 second address: 798957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007EFE90BCC4A9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79DAAE second address: 79DAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79DAB2 second address: 79DACF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90BCC4A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007EFE90BCC498h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79DACF second address: 79DAD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79DAD4 second address: 79DAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007EFE90BCC496h 0x0000000a jne 00007EFE90BCC496h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79DAE9 second address: 79DB03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90E2C7C6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A1210 second address: 7A122A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90B8E8CCh 0x00000007 jo 00007EFE90B8E8C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A122A second address: 7A122E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A122E second address: 7A1234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A6B0A second address: 7A6B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90C25162h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007EFE90C2515Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B4D7E second address: 7B4D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B4D87 second address: 7B4D8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B4D8B second address: 7B4D9B instructions: 0x00000000 rdtsc 0x00000002 js 00007EFE90B8E8C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B4EE0 second address: 7B4EE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B4EE4 second address: 7B4F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90B8E8D0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007EFE90B8E8CCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B4F02 second address: 7B4F23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007EFE90C25169h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B51FC second address: 7B5227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jnc 00007EFE90B8E8DAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 push eax 0x00000015 pop eax 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B5227 second address: 7B522D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B5680 second address: 7B568A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007EFE90B8E8C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BA057 second address: 7BA06D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007EFE90C2515Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BA06D second address: 7BA082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFE90B8E8D0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BCCD0 second address: 7BCCD7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BC83A second address: 7BC845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BC845 second address: 7BC852 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7BC99C second address: 7BC9A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C680D second address: 7C6817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C6817 second address: 7C681D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C8050 second address: 7C8056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CBE32 second address: 7CBE4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007EFE90B8E8CEh 0x0000000b jo 00007EFE90B8E8C6h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007EFE90B8E8C6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E0756 second address: 7E0769 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFE90C2515Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E08FC second address: 7E0917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007EFE90B8E8D2h 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E943A second address: 7E944C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFE90C2515Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7EAE12 second address: 7EAE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007EFE90B8E8C6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7EE726 second address: 7EE740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFE90C25166h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E4083 second address: 7E408C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7039CE second address: 7039D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 54DB40 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 6F7573 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 71C69E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7084A0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 78CF81 instructions caused by: Self-modifying code
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4B20000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4CD0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 6CD0000 memory reserve | memory write watch Jump to behavior
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D227F rdtsc 0_2_006D227F
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 2268 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2294410341.00000000006D7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006D227F rdtsc 0_2_006D227F
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054B7DA LdrInitializeThunk, 0_2_0054B7DA
Enables debug privileges
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard Jump to behavior
Source: file.exe, 00000000.00000002.2294663595.0000000000726000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00723101 GetSystemTime,GetFileTime, 0_2_00723101

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Disable Windows Defender notifications (registry)
Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1 Jump to behavior
Disable Windows Defender real time protection (registry)
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1 Jump to behavior
Disables Windows Defender Tamper protection
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0 Jump to behavior
Modifies windows update settings
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1561630 Sample: file.exe Startdate: 24/11/2024 Architecture: WINDOWS Score: 100 12 tse1.mm.bing.net 2->12 14 ax-0001.ax-msedge.net 2->14 16 Machine Learning detection for sample 2->16 18 PE file contains section with special chars 2->18 20 AI detected suspicious sample 2->20 6 file.exe 9 1 2->6         started        signatures3 process4 file5 10 C:\Users\user\AppData\Local\...\file.exe.log, CSV 6->10 dropped 22 Detected unpacking (changes PE section rights) 6->22 24 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->24 26 Modifies windows update settings 6->26 28 8 other signatures 6->28 signatures6
No contacted IP infos

Contacted Domains

Name IP Active
ax-0001.ax-msedge.net 150.171.27.10 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
tse1.mm.bing.net unknown unknown