Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1561818
MD5:	c7ffd9f68af166bc332ad19be70c3b5c
SHA1:	e19af1c281e963bdb378dd17b84706c51a87bb19
SHA256:	0b2957e10a9d6c29a680e112571ea46be5fedeac0ecc6f0097337f40d61a4cb1
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Suricata IDS alerts for network traffic

AI detected suspicious sample

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.8:49705 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00FEBC9D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], bl	0_2_00FECF05
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+14h]	0_2_00FE98F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+esi+000001E8h]	0_2_00FEE0D8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00FEC02B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], C18BC4BAh	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 6DBC3610h	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	0_2_0101B860
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_01000870
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+14h]	0_2_00FEE970
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	0_2_0101F8D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_0101F8D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, eax	0_2_0101B8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_0101B8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_00FEEA38
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-65h]	0_2_00FEE35B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ebp	0_2_00FE5C90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ebp	0_2_00FE5C90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_01008CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 4C697C35h	0_2_0101BCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+ecx]	0_2_00FEAD00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-58FA0F6Ch]	0_2_01020F60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h]	0_2_00FE77D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ebp+ebx*4+00h], ax	0_2_00FE77D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [edi]	0_2_01005E90

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49705 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49705 -> 172.67.162.84:443

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 172.67.162.84 172.67.162.84

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 172.67.162.84:443

Uses a known web browser user agent for HTTP communication

Source: global traffic

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: property-imper.sbs

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: property-imper.sbs

Source: unknown

Source: file.exe, 00000000.00000002.1576433185.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1574657240.0000000001B8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m8
Source: file.exe, 00000000.00000003.1574365474.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576727210.0000000001B97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/
Source: file.exe, 00000000.00000003.1574365474.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576727210.0000000001B97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/Q
Source: file.exe, 00000000.00000002.1576433185.0000000001B08000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576433185.0000000001B43000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576433185.0000000001ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api
Source: file.exe, 00000000.00000002.1576433185.0000000001ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apiS
Source: file.exe, 00000000.00000003.1574365474.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576727210.0000000001B97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/q

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown

HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.8:49705 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01019030	0_2_01019030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE89A0	0_2_00FE89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FECF05	0_2_00FECF05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE98F0	0_2_00FE98F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEE0D8	0_2_00FEE0D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964	0_2_011A1964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B59B3	0_2_011B59B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0112E1A4	0_2_0112E1A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE4040	0_2_00FE4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE6840	0_2_00FE6840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011949D1	0_2_011949D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A69D5	0_2_011A69D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010141D0	0_2_010141D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0147B199	0_2_0147B199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011AF002	0_2_011AF002
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C040	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE61A0	0_2_00FE61A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000870	0_2_01000870
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEE970	0_2_00FEE970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011AA0AD	0_2_011AA0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101F8D0	0_2_0101F8D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101B8E0	0_2_0101B8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE5AC9	0_2_00FE5AC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE4AC0	0_2_00FE4AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEB210	0_2_00FEB210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE9210	0_2_00FE9210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0125E27D	0_2_0125E27D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE2B80	0_2_00FE2B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFFB60	0_2_00FFFB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B0AB8	0_2_011B0AB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFDB30	0_2_00FFDB30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011ABAF0	0_2_011ABAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0119E2E9	0_2_0119E2E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE94D0	0_2_00FE94D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE6CC0	0_2_00FE6CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A8551	0_2_011A8551
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE5C90	0_2_00FE5C90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01003D70	0_2_01003D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01021580	0_2_01021580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_012265B7	0_2_012265B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0108FDB8	0_2_0108FDB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011AD5A9	0_2_011AD5A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE542C	0_2_00FE542C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A3414	0_2_011A3414
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B247A	0_2_011B247A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A0C70	0_2_011A0C70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE3580	0_2_00FE3580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01020C80	0_2_01020C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01008CB0	0_2_01008CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF9530	0_2_00FF9530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B74CD	0_2_011B74CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010124E0	0_2_010124E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEAD00	0_2_00FEAD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01020F60	0_2_01020F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01008770	0_2_01008770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C780	0_2_0101C780
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01001790	0_2_01001790
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B3F84	0_2_011B3F84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010187B0	0_2_010187B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A4FC3	0_2_011A4FC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011DEFF7	0_2_011DEFF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01007E20	0_2_01007E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE77D0	0_2_00FE77D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE27D0	0_2_00FE27D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000650	0_2_01000650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01005E90	0_2_01005E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BB693	0_2_010BB693

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9992699795081967
Source: file.exe	Static PE information: Section: fwtvsnnj ZLIB complexity 0.9945599099864131

Source: classification engine

Classification label: mal100.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_010127B0 CoCreateInstance,

0_2_010127B0

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1867776 > 1048576

Source: file.exe

Static PE information: Raw size of fwtvsnnj is bigger than: 0x100000 < 0x19e000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.fe0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fwtvsnnj:EW;vcdokcsv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fwtvsnnj:EW;vcdokcsv:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1ccef5 should be: 0x1d6134

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: fwtvsnnj
Source: file.exe	Static PE information: section name: vcdokcsv
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push edi; mov dword ptr [esp], ecx	0_2_0104B18F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push 63B035C0h; mov dword ptr [esp], ecx	0_2_0104B1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push 6AF25632h; mov dword ptr [esp], eax	0_2_0104B29D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push 2B666A9Ch; mov dword ptr [esp], ecx	0_2_0104B30B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], edi	0_2_011A1983
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push eax; mov dword ptr [esp], 5B79F75Ah	0_2_011A19DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 5C3D0EA0h; mov dword ptr [esp], edi	0_2_011A19FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 17CAFFE1h; mov dword ptr [esp], esi	0_2_011A1A5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], eax	0_2_011A1B37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 36DB771Bh; mov dword ptr [esp], ebx	0_2_011A1B4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push eax; mov dword ptr [esp], ebx	0_2_011A1BE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 53139CA7h; mov dword ptr [esp], ecx	0_2_011A1C54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edi; mov dword ptr [esp], esi	0_2_011A1CDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 3EBD3286h; mov dword ptr [esp], ebp	0_2_011A1D4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push esi; mov dword ptr [esp], 55DFC73Bh	0_2_011A1D7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push eax; mov dword ptr [esp], ebx	0_2_011A1DA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 6CCF596Eh; mov dword ptr [esp], ecx	0_2_011A1DAA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 6C3D16EAh; mov dword ptr [esp], ecx	0_2_011A1DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 700761F3h; mov dword ptr [esp], ebx	0_2_011A1E7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ecx; mov dword ptr [esp], ebx	0_2_011A1E9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebp; mov dword ptr [esp], ecx	0_2_011A1EB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebp; mov dword ptr [esp], 5BDD07BCh	0_2_011A1EB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 27DC5529h; mov dword ptr [esp], edi	0_2_011A1EE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], ecx	0_2_011A1F26
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebp; mov dword ptr [esp], eax	0_2_011A1FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edx; mov dword ptr [esp], ebx	0_2_011A1FFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ecx; mov dword ptr [esp], 7D765F1Ah	0_2_011A2001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edi; mov dword ptr [esp], 2DB3F096h	0_2_011A2018
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 19FE5A3Ch; mov dword ptr [esp], ebx	0_2_011A203C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edi; mov dword ptr [esp], edx	0_2_011A2078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], edx	0_2_011A208D

Source: file.exe	Static PE information: section name: entropy: 7.982113095110462
Source: file.exe	Static PE information: section name: fwtvsnnj entropy: 7.953020845003473

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103C9D1 second address: 103C9D6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BCECA second address: 11BCEE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c push edx 0x0000000d jns 00007F9668C559D6h 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BCEE2 second address: 11BCEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BCEE8 second address: 11BCEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB35 second address: 11AEB3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB3E second address: 11AEB42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB42 second address: 11AEB5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9668BCCCCDh 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB5A second address: 11AEB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BE8C7 second address: 11BE8FC instructions: 0x00000000 rdtsc 0x00000002 js 00007F9668BCCCC8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d push eax 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 pop eax 0x00000014 js 00007F9668BCCCC6h 0x0000001a popad 0x0000001b popad 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 jbe 00007F9668BCCCD1h 0x00000028 jmp 00007F9668BCCCCBh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BE8FC second address: 103C9D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a movsx ecx, bx 0x0000000d push dword ptr [ebp+122D1731h] 0x00000013 jbe 00007F9668C559DCh 0x00000019 mov dword ptr [ebp+122D278Ch], eax 0x0000001f call dword ptr [ebp+122D2780h] 0x00000025 pushad 0x00000026 pushad 0x00000027 pushad 0x00000028 or di, 6651h 0x0000002d xor dword ptr [ebp+122D1D7Ah], ebx 0x00000033 popad 0x00000034 mov esi, dword ptr [ebp+122D3678h] 0x0000003a popad 0x0000003b xor eax, eax 0x0000003d stc 0x0000003e mov edx, dword ptr [esp+28h] 0x00000042 jbe 00007F9668C559E2h 0x00000048 jbe 00007F9668C559DCh 0x0000004e mov dword ptr [ebp+122D3640h], eax 0x00000054 jo 00007F9668C559EDh 0x0000005a jp 00007F9668C559E7h 0x00000060 mov esi, 0000003Ch 0x00000065 jg 00007F9668C559E2h 0x0000006b jp 00007F9668C559DCh 0x00000071 add esi, dword ptr [esp+24h] 0x00000075 cld 0x00000076 lodsw 0x00000078 jmp 00007F9668C559E2h 0x0000007d add eax, dword ptr [esp+24h] 0x00000081 pushad 0x00000082 add dword ptr [ebp+122D1D86h], ebx 0x00000088 popad 0x00000089 mov ebx, dword ptr [esp+24h] 0x0000008d jnp 00007F9668C559ECh 0x00000093 jmp 00007F9668C559E6h 0x00000098 nop 0x00000099 push eax 0x0000009a push edx 0x0000009b jmp 00007F9668C559DEh 0x000000a0 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BE950 second address: 11BEA03 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9668BCCCDEh 0x00000008 jmp 00007F9668BCCCD8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F9668BCCCCEh 0x00000015 nop 0x00000016 mov ecx, dword ptr [ebp+122D3644h] 0x0000001c push 00000000h 0x0000001e mov dword ptr [ebp+122D1E0Ah], eax 0x00000024 push 4A054E08h 0x00000029 pushad 0x0000002a pushad 0x0000002b push eax 0x0000002c pop eax 0x0000002d jmp 00007F9668BCCCD0h 0x00000032 popad 0x00000033 js 00007F9668BCCCD5h 0x00000039 popad 0x0000003a xor dword ptr [esp], 4A054E88h 0x00000041 movsx edx, ax 0x00000044 push 00000003h 0x00000046 jmp 00007F9668BCCCCFh 0x0000004b mov cx, bx 0x0000004e push 00000000h 0x00000050 or dword ptr [ebp+122D270Bh], edx 0x00000056 push 00000003h 0x00000058 mov edi, dword ptr [ebp+122D35DCh] 0x0000005e mov dword ptr [ebp+122D1C1Fh], eax 0x00000064 push D52EB831h 0x00000069 push eax 0x0000006a push edx 0x0000006b push ebx 0x0000006c js 00007F9668BCCCC6h 0x00000072 pop ebx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BEA03 second address: 11BEA08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BEA08 second address: 11BEA6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 152EB831h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F9668BCCCC8h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a lea ebx, dword ptr [ebp+124557BCh] 0x00000030 jmp 00007F9668BCCCD2h 0x00000035 push esi 0x00000036 mov edx, dword ptr [ebp+122D19FCh] 0x0000003c pop ecx 0x0000003d push eax 0x0000003e push ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F9668BCCCD3h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BEBFD second address: 11BEC03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BECD6 second address: 11BED05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 mov dx, cx 0x0000000b mov dword ptr [ebp+122D34CDh], ebx 0x00000011 push 00000000h 0x00000013 mov edi, dword ptr [ebp+122D3718h] 0x00000019 push E669A1A9h 0x0000001e pushad 0x0000001f jc 00007F9668BCCCCCh 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BED05 second address: 11BED09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DFCAA second address: 11DFCD3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F9668BCCCCEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007F9668BCCCD2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE140 second address: 11DE160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9668C559DBh 0x0000000c jmp 00007F9668C559DEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE160 second address: 11DE164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE529 second address: 11DE533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9668C559D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE533 second address: 11DE537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE537 second address: 11DE543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9668C559D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE543 second address: 11DE549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE549 second address: 11DE54D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE6EE second address: 11DE6F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DEB45 second address: 11DEB66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E3h 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F9668C559D6h 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DEB66 second address: 11DEB6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF3F7 second address: 11DF438 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9668C559D6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9668C559E7h 0x00000016 jmp 00007F9668C559E9h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF438 second address: 11DF442 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6C4 second address: 11DF6C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6C8 second address: 11DF6D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6D0 second address: 11DF6F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007F9668C559D6h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F9668C559D6h 0x00000012 jmp 00007F9668C559DFh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6F1 second address: 11DF6F7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DFADB second address: 11DFAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DFAE4 second address: 11DFAEE instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9668BCCCDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3650 second address: 11E3671 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F9668C559E4h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3671 second address: 11E3675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24CD second address: 11E24DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24DE second address: 11E24E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F9668BCCCC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24E8 second address: 11E24FF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668C559D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F9668C559D6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24FF second address: 11E2505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EB65F second address: 11EB685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F9668C559DCh 0x0000000b jns 00007F9668C559D6h 0x00000011 jmp 00007F9668C559DDh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAC74 second address: 11EAC79 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAC79 second address: 11EAC90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559DBh 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAC90 second address: 11EAC94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAFBE second address: 11EAFC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAFC2 second address: 11EAFD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F9668BCCCC6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EB289 second address: 11EB28E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED3E6 second address: 11ED3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED3EB second address: 11ED3F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED3F2 second address: 11ED402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED5B2 second address: 11ED5B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED5B8 second address: 11ED5BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED5BC second address: 11ED5C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED96E second address: 11ED974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED974 second address: 11ED978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDE47 second address: 11EDE62 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9668BCCCCCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F9668BCCCC8h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDE62 second address: 11EDEA3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9668C559D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebx 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F9668C559D8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov edi, ecx 0x00000029 push eax 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F9668C559DFh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDF4F second address: 11EDF61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDF61 second address: 11EDF67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE160 second address: 11EE164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE80A second address: 11EE80E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF2EB second address: 11EF314 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9668BCCCCCh 0x00000008 je 00007F9668BCCCC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push edx 0x00000013 jmp 00007F9668BCCCD1h 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F022E second address: 11F0232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0232 second address: 11F0238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0238 second address: 11F025B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F186E second address: 11F188A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F9668BCCCD6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0B91 second address: 11F0B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2DB3 second address: 11F2DBD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2DBD second address: 11F2DC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2DC3 second address: 11F2DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F373C second address: 11F3741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3741 second address: 11F37A2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d mov esi, dword ptr [ebp+122D28BBh] 0x00000013 mov dword ptr [ebp+1246FB1Fh], edx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F9668BCCCC8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov esi, 18D37B59h 0x0000003a xchg eax, ebx 0x0000003b pushad 0x0000003c pushad 0x0000003d jmp 00007F9668BCCCD4h 0x00000042 push edi 0x00000043 pop edi 0x00000044 popad 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F37A2 second address: 11F37A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F790A second address: 11F7962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b mov bx, 31DFh 0x0000000f push eax 0x00000010 push edx 0x00000011 movzx edi, si 0x00000014 pop ebx 0x00000015 pop edi 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F9668BCCCC8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 mov ebx, eax 0x00000034 xchg eax, esi 0x00000035 pushad 0x00000036 jmp 00007F9668BCCCD7h 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e pop eax 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3501 second address: 11F3505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3FDF second address: 11F3FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F7962 second address: 11F7966 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3FE5 second address: 11F3FEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F8909 second address: 11F890F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA895 second address: 11FA8D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov bx, si 0x0000000c push 00000000h 0x0000000e mov dword ptr [ebp+1247BCC8h], edx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F9668BCCCC8h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 xchg eax, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 jng 00007F9668BCCCC8h 0x00000039 push ecx 0x0000003a pop ecx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA8D2 second address: 11FA8D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FB8E6 second address: 11FB962 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c jmp 00007F9668BCCCCFh 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F9668BCCCC8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007F9668BCCCC8h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 0000001Ah 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 sub di, 755Bh 0x0000004d sub dword ptr [ebp+1247E199h], edx 0x00000053 xor edi, dword ptr [ebp+122D3744h] 0x00000059 push 00000000h 0x0000005b mov di, 6E4Ch 0x0000005f xchg eax, esi 0x00000060 push esi 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FB962 second address: 11FB968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FCA9D second address: 11FCAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F9668BCCCC6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FDA24 second address: 11FDA29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12016A9 second address: 1201727 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 jmp 00007F9668BCCCD5h 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F9668BCCCC8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F9668BCCCC8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 sub dword ptr [ebp+122D29B7h], eax 0x0000004b push 00000000h 0x0000004d sub ebx, dword ptr [ebp+122D3750h] 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F9668BCCCD1h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201727 second address: 1201731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F9668C559D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201731 second address: 1201735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120072F second address: 1200735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120185E second address: 1201867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1202836 second address: 120283C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1200735 second address: 120073A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203632 second address: 12036D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F9668C559D6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F9668C559D8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b mov edi, dword ptr [ebp+122D1DD2h] 0x00000031 push 00000000h 0x00000033 mov bx, 4203h 0x00000037 jmp 00007F9668C559E5h 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push esi 0x00000041 call 00007F9668C559D8h 0x00000046 pop esi 0x00000047 mov dword ptr [esp+04h], esi 0x0000004b add dword ptr [esp+04h], 00000014h 0x00000053 inc esi 0x00000054 push esi 0x00000055 ret 0x00000056 pop esi 0x00000057 ret 0x00000058 jmp 00007F9668C559E5h 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F9668C559E5h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201867 second address: 120186B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120073A second address: 1200740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12036D0 second address: 12036DA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1200740 second address: 1200744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12028CB second address: 12028D1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1200744 second address: 1200748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12028D1 second address: 12028EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668BCCCD5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204683 second address: 1204688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203901 second address: 1203913 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204688 second address: 120468E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203913 second address: 1203918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120468E second address: 120469B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203918 second address: 120391E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120469B second address: 12046E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop ebx 0x00000008 nop 0x00000009 sub edi, dword ptr [ebp+122D3808h] 0x0000000f push 00000000h 0x00000011 mov di, dx 0x00000014 and ebx, dword ptr [ebp+122D18D9h] 0x0000001a push 00000000h 0x0000001c mov ebx, 3D3BA420h 0x00000021 xchg eax, esi 0x00000022 jp 00007F9668C559DCh 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jg 00007F9668C559EDh 0x00000031 jmp 00007F9668C559E7h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1205766 second address: 120576B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1206889 second address: 1206899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F9668C559D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12058AB second address: 12058B0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12059A1 second address: 12059AB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12059AB second address: 12059AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9C02 second address: 11A9C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9C09 second address: 11A9C24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668BCCCD7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210769 second address: 1210774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210774 second address: 1210780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F9668BCCCC6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210780 second address: 1210784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12102EF second address: 1210320 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F9668BCCCDFh 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F9668BCCCD7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210320 second address: 1210326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210326 second address: 121032A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121032A second address: 121032E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121592D second address: 1215932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119F96B second address: 119F975 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9668C559D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219ABC second address: 1219AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F9668BCCCD5h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F9668BCCCC6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C3D second address: 1219C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C43 second address: 1219C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C47 second address: 1219C60 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F9668C559E1h 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C60 second address: 1219C84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c jns 00007F9668BCCCC6h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C84 second address: 1219CA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668C559E9h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219DDD second address: 1219DFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007F9668BCCCC6h 0x0000000c popad 0x0000000d popad 0x0000000e jnp 00007F9668BCCCD4h 0x00000014 pushad 0x00000015 push edi 0x00000016 pop edi 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219F5E second address: 1219F77 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F9668C559E3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219F77 second address: 1219F83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jno 00007F9668BCCCC6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A0D9 second address: 121A0E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A0E1 second address: 121A10A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c jmp 00007F9668BCCCCEh 0x00000011 je 00007F9668BCCCCCh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A27C second address: 121A2AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E6h 0x00000007 jmp 00007F9668C559DFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007F9668C55A01h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A2AF second address: 121A2B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B3A8D second address: 11B3AA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F9668C559E0h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E722 second address: 121E726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E726 second address: 121E755 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9668C559E3h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8BD second address: 121E8C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8C1 second address: 121E8D1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9668C559D6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8D1 second address: 121E8EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d popad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8EE second address: 121E8F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F9668C559D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8F8 second address: 121E8FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECC2 second address: 121ECC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECC8 second address: 121ECCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECCC second address: 121ECD7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECD7 second address: 121ECDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECDD second address: 121ECE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E419 second address: 121E41F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E41F second address: 121E42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E42B second address: 121E463 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD2h 0x00000007 jc 00007F9668BCCCC6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F9668BCCCD9h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F0F2 second address: 121F0F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F0F7 second address: 121F111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9668BCCCC6h 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F111 second address: 121F116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F28E second address: 121F299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9668BCCCC6h 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F48AC second address: 11F48B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5375 second address: 11F537F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F56D9 second address: 11F56E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F9668C559D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F56E7 second address: 11F56FB instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F58BC second address: 11F58C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F58C0 second address: 11F58C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F58C6 second address: 11F58CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A4B second address: 11F5A51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A51 second address: 11F5A60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A60 second address: 11F5A66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A66 second address: 11F5A6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A6C second address: 11F5A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A70 second address: 11F5A74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5BAD second address: 11F5BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F9668BCCCC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5BB8 second address: 11F5C50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a ja 00007F9668C559EFh 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007F9668C559D8h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D1DFAh], ebx 0x00000031 lea eax, dword ptr [ebp+1248B624h] 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F9668C559D8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 0000001Ch 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 je 00007F9668C559D6h 0x00000057 push eax 0x00000058 push edi 0x00000059 push eax 0x0000005a push edx 0x0000005b jp 00007F9668C559D6h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5C50 second address: 11F5CB3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f jo 00007F9668BCCCC9h 0x00000015 movzx esi, dx 0x00000018 mov edi, 31AE1F14h 0x0000001d popad 0x0000001e lea eax, dword ptr [ebp+1248B5E0h] 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007F9668BCCCC8h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 0000001Dh 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F9668BCCCD7h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226191 second address: 1226196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226196 second address: 12261A0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9668BCCCCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12261A0 second address: 12261A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226562 second address: 1226577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F9668BCCCC6h 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226577 second address: 122657B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122657B second address: 122658B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F9668BCCCC6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226708 second address: 122670E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122670E second address: 122673C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007F9668BCCCC8h 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F9668BCCCD7h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122673C second address: 1226740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226740 second address: 1226746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12268A7 second address: 12268E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F9668C559E3h 0x00000013 js 00007F9668C559D6h 0x00000019 popad 0x0000001a push ebx 0x0000001b jmp 00007F9668C559DFh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226B6A second address: 1226B78 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F9668BCCCC8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226B78 second address: 1226B7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226B7E second address: 1226B82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BED6 second address: 122BEDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEDA second address: 122BEE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEE0 second address: 122BEE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEE6 second address: 122BEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEEC second address: 122BEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C04F second address: 122C060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F9668BCCCCCh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C060 second address: 122C097 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E7h 0x00000007 jp 00007F9668C559DEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 push edi 0x00000016 jg 00007F9668C559D6h 0x0000001c pop edi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C1E4 second address: 122C1F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F9668BCCCC6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C33F second address: 122C34F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnp 00007F9668C559D6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C4CA second address: 122C4E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F9668BCCCC6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F9668BCCCCAh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C4E4 second address: 122C4EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C4EA second address: 122C4EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C631 second address: 122C637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C637 second address: 122C63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C913 second address: 122C919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122CBFF second address: 122CC05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122CE87 second address: 122CEBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9668C559E8h 0x00000008 jmp 00007F9668C559DFh 0x0000000d jl 00007F9668C559D6h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122CEBE second address: 122CED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jg 00007F9668BCCCCEh 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D354 second address: 122D36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D36D second address: 122D371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D371 second address: 122D377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BBB0 second address: 122BBD1 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9668BCCCD1h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BBD1 second address: 122BBDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BBDA second address: 122BC07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 ja 00007F9668BCCCECh 0x0000000c je 00007F9668BCCCD2h 0x00000012 push ebx 0x00000013 jmp 00007F9668BCCCCCh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122EF54 second address: 122EF8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnl 00007F9668C559E7h 0x0000000b jmp 00007F9668C559E1h 0x00000010 pushad 0x00000011 jmp 00007F9668C559E8h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1231B69 second address: 1231B71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DDDB second address: 119DDE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DDE1 second address: 119DE1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F9668BCCCD4h 0x0000000b jmp 00007F9668BCCCCCh 0x00000010 jnp 00007F9668BCCCC6h 0x00000016 popad 0x00000017 pop ecx 0x00000018 jbe 00007F9668BCCCE4h 0x0000001e pushad 0x0000001f jbe 00007F9668BCCCC6h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE1E second address: 119DE27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1235808 second address: 123580D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123580D second address: 123582B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668C559E8h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12353AB second address: 12353AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237B70 second address: 1237B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123772F second address: 123774E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F9668BCCCD0h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jl 00007F9668BCCCC6h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123774E second address: 1237754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237754 second address: 1237758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237758 second address: 1237777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007F9668C559E0h 0x00000010 pop ecx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237777 second address: 123777D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123777D second address: 1237782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123AF92 second address: 123AFAD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F9668BCCCCEh 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123B125 second address: 123B147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 jmp 00007F9668C559E5h 0x0000000b pop edi 0x0000000c popad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243889 second address: 1243898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jg 00007F9668BCCCCAh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243898 second address: 124389F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12439CD second address: 1243A21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 jmp 00007F9668BCCCD1h 0x00000016 push ecx 0x00000017 jmp 00007F9668BCCCD7h 0x0000001c pop ecx 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243A21 second address: 1243A3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243A3C second address: 1243A47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F9668BCCCC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243BA2 second address: 1243BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5509 second address: 11F5512 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5512 second address: 11F556F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jl 00007F9668C559D6h 0x0000000f mov ebx, dword ptr [ebp+1248B61Fh] 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F9668C559D8h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f jmp 00007F9668C559E3h 0x00000034 add eax, ebx 0x00000036 sbb edi, 1D0B1A77h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jnl 00007F9668C559D8h 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244131 second address: 1244154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668BCCCD3h 0x00000009 popad 0x0000000a pushad 0x0000000b jg 00007F9668BCCCC6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244154 second address: 124415A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124415A second address: 124416D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 jmp 00007F9668BCCCCAh 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124416D second address: 1244176 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BA5 second address: 1244BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BAB second address: 1244BAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BAF second address: 1244BB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BB3 second address: 1244BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124CF31 second address: 124CF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F9668BCCCD1h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9668BCCCCDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124D266 second address: 124D27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124D56D second address: 124D577 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124D577 second address: 124D586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F9668C559D6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1250A9D second address: 1250AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125119E second address: 12511A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12511A5 second address: 12511D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F9668BCCCCEh 0x00000010 pushad 0x00000011 jmp 00007F9668BCCCCCh 0x00000016 push edx 0x00000017 pop edx 0x00000018 pushad 0x00000019 popad 0x0000001a push esi 0x0000001b pop esi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125149A second address: 125149E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125149E second address: 12514C6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9668BCCCC6h 0x00000008 jmp 00007F9668BCCCD8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12514C6 second address: 12514CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1255D52 second address: 1255D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F9668BCCCD5h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125F1AB second address: 125F1C6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F9668C559E5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D96A second address: 125D976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9668BCCCC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D976 second address: 125D988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F9668C559DCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D988 second address: 125D996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9668BCCCCEh 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D996 second address: 125D99A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D99A second address: 125D99F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DAC6 second address: 125DAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F9668C559DCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DAD7 second address: 125DADE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDBA second address: 125DDBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDBE second address: 125DDCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F9668BCCCD2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDCC second address: 125DDD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDD2 second address: 125DDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDD6 second address: 125DDDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DF1A second address: 125DF3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DF3A second address: 125DF46 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9668C559D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DF46 second address: 125DF59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCDh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E8FF second address: 125E904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E904 second address: 125E92F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 push edi 0x00000009 jmp 00007F9668BCCCD5h 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 jne 00007F9668BCCCC6h 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E92F second address: 125E935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E935 second address: 125E939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125CF49 second address: 125CF7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F9668C559DCh 0x0000000f jmp 00007F9668C559E2h 0x00000014 jo 00007F9668C559D6h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264B94 second address: 1264B9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264B9B second address: 1264BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9668C559DBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264566 second address: 126456A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 126456A second address: 1264581 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DDh 0x00000007 jnp 00007F9668C559D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12646F0 second address: 1264706 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9668BCCCD0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264874 second address: 126487C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 126487C second address: 12648A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668BCCCCBh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F9668BCCCCEh 0x00000014 jp 00007F9668BCCCC6h 0x0000001a popad 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127142B second address: 127145A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E1h 0x00000009 popad 0x0000000a pushad 0x0000000b jg 00007F9668C559D6h 0x00000011 jo 00007F9668C559D6h 0x00000017 popad 0x00000018 pushad 0x00000019 jne 00007F9668C559D6h 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12749EF second address: 12749F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12743E2 second address: 12743FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E1h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12743FD second address: 1274424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F9668BCCCC6h 0x0000000a popad 0x0000000b jmp 00007F9668BCCCD4h 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F9668BCCCC6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274424 second address: 1274437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 js 00007F9668C559EAh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274437 second address: 127443B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274593 second address: 1274597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274597 second address: 12745B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1278079 second address: 1278081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1278081 second address: 127808B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127808B second address: 12780A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push ecx 0x00000009 jmp 00007F9668C559DFh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127D3EE second address: 127D3F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127D3F2 second address: 127D408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F9668C559D8h 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F9668C559D6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1285642 second address: 1285648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1285648 second address: 128564E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129035C second address: 1290362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128EF79 second address: 128EFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E8h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F9668C559D6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128F25B second address: 128F261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128F261 second address: 128F265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128F3FF second address: 128F405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1290092 second address: 1290097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1290097 second address: 12900AE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9668BCCCCCh 0x00000008 js 00007F9668BCCCC6h 0x0000000e pushad 0x0000000f jg 00007F9668BCCCC6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129291A second address: 1292934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129485C second address: 1294878 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD0h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1294878 second address: 129487C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129487C second address: 12948A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jng 00007F9668BCCCEDh 0x0000000f jmp 00007F9668BCCCD9h 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12943BA second address: 12943C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129451D second address: 1294559 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F9668BCCCCEh 0x00000008 ja 00007F9668BCCCC6h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F9668BCCCC8h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b jmp 00007F9668BCCCD8h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129D4A1 second address: 129D4A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129D4A5 second address: 129D4C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F1F1 second address: 129F1FB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9668C559E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F1FB second address: 129F20D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9668BCCCC6h 0x0000000a jbe 00007F9668BCCCCCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F20D second address: 129F218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F218 second address: 129F21C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B060B second address: 12B0619 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B0619 second address: 12B0623 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9668BCCCCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B41C8 second address: 12B41CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B41CC second address: 12B41D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CC651 second address: 12CC666 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9668C559D6h 0x00000008 jc 00007F9668C559D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CC666 second address: 12CC6A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668BCCCD7h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007F9668BCCCC6h 0x00000013 jmp 00007F9668BCCCD6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CB724 second address: 12CB72C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CB87F second address: 12CB883 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CBBB6 second address: 12CBBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CDC2C second address: 12CDC31 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0808 second address: 12D0817 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0A3C second address: 12D0AA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F9668BCCCD9h 0x0000000f nop 0x00000010 or dword ptr [ebp+122D1DF3h], edx 0x00000016 push dword ptr [ebp+122D1812h] 0x0000001c movsx edx, dx 0x0000001f call 00007F9668BCCCC9h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 jmp 00007F9668BCCCD6h 0x0000002c pop eax 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AA4 second address: 12D0AA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AA9 second address: 12D0AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9668BCCCC6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F9668BCCCCFh 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a jno 00007F9668BCCCC6h 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AD4 second address: 12D0AF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AF7 second address: 12D0AFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AFB second address: 12D0B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D1E73 second address: 12D1E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D1E79 second address: 12D1E9C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F9668C559D6h 0x0000000d jmp 00007F9668C559E4h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D3E3A second address: 12D3E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9668BCCCCAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFD0A second address: 11EFD10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 103CA46 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 103C947 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 103A1A6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11F4932 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 12675C4 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 7044	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7044	Thread sleep time: -30000s >= -30000s			Jump to behavior

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.1575121229.00000000011C3000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1576433185.0000000001B43000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW;
Source: file.exe, 00000000.00000002.1576433185.0000000001B08000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576433185.0000000001B43000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1575121229.00000000011C3000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0101DF70 LdrInitializeThunk,

0_2_0101DF70

Source: file.exe, file.exe, 00000000.00000002.1575121229.00000000011C3000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: >Program Manager

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.162.84	property-imper.sbs	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
property-imper.sbs	172.67.162.84	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://property-imper.sbs/api	false		high

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.8:49705 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00FEBC9D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], bl	0_2_00FECF05
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+14h]	0_2_00FE98F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+esi+000001E8h]	0_2_00FEE0D8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00FEC02B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], C18BC4BAh	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 6DBC3610h	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	0_2_0101B860
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_01000870
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+14h]	0_2_00FEE970
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	0_2_0101F8D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, eax	0_2_0101F8D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, eax	0_2_0101B8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_0101B8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_00FEEA38
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-65h]	0_2_00FEE35B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ebp	0_2_00FE5C90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ebp	0_2_00FE5C90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	0_2_01008CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 4C697C35h	0_2_0101BCE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+ecx]	0_2_00FEAD00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-58FA0F6Ch]	0_2_01020F60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h]	0_2_00FE77D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ebp+ebx*4+00h], ax	0_2_00FE77D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [edi]	0_2_01005E90

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49705 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49705 -> 172.67.162.84:443

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 172.67.162.84 172.67.162.84

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 172.67.162.84:443

Uses a known web browser user agent for HTTP communication

Source: global traffic

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: property-imper.sbs

Source: unknown

Source: file.exe, 00000000.00000002.1576433185.0000000001B8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1574657240.0000000001B8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m8
Source: file.exe, 00000000.00000003.1574365474.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576727210.0000000001B97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/
Source: file.exe, 00000000.00000003.1574365474.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576727210.0000000001B97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/Q
Source: file.exe, 00000000.00000002.1576433185.0000000001B08000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576433185.0000000001B43000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576433185.0000000001ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api
Source: file.exe, 00000000.00000002.1576433185.0000000001ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apiS
Source: file.exe, 00000000.00000003.1574365474.0000000001B97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576727210.0000000001B97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/q

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown

HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.8:49705 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01019030	0_2_01019030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE89A0	0_2_00FE89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FECF05	0_2_00FECF05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE98F0	0_2_00FE98F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEE0D8	0_2_00FEE0D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964	0_2_011A1964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B59B3	0_2_011B59B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0112E1A4	0_2_0112E1A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE4040	0_2_00FE4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE6840	0_2_00FE6840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011949D1	0_2_011949D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A69D5	0_2_011A69D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010141D0	0_2_010141D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0147B199	0_2_0147B199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011AF002	0_2_011AF002
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C040	0_2_0101C040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE61A0	0_2_00FE61A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000870	0_2_01000870
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEE970	0_2_00FEE970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011AA0AD	0_2_011AA0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101F8D0	0_2_0101F8D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101B8E0	0_2_0101B8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE5AC9	0_2_00FE5AC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE4AC0	0_2_00FE4AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEB210	0_2_00FEB210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE9210	0_2_00FE9210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0125E27D	0_2_0125E27D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE2B80	0_2_00FE2B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFFB60	0_2_00FFFB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B0AB8	0_2_011B0AB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFDB30	0_2_00FFDB30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011ABAF0	0_2_011ABAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0119E2E9	0_2_0119E2E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE94D0	0_2_00FE94D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE6CC0	0_2_00FE6CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A8551	0_2_011A8551
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE5C90	0_2_00FE5C90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01003D70	0_2_01003D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01021580	0_2_01021580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_012265B7	0_2_012265B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0108FDB8	0_2_0108FDB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011AD5A9	0_2_011AD5A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE542C	0_2_00FE542C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A3414	0_2_011A3414
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B247A	0_2_011B247A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A0C70	0_2_011A0C70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE3580	0_2_00FE3580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01020C80	0_2_01020C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01008CB0	0_2_01008CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF9530	0_2_00FF9530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B74CD	0_2_011B74CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010124E0	0_2_010124E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEAD00	0_2_00FEAD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01020F60	0_2_01020F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01008770	0_2_01008770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101C780	0_2_0101C780
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01001790	0_2_01001790
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011B3F84	0_2_011B3F84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010187B0	0_2_010187B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A4FC3	0_2_011A4FC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011DEFF7	0_2_011DEFF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01007E20	0_2_01007E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE77D0	0_2_00FE77D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE27D0	0_2_00FE27D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01000650	0_2_01000650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01005E90	0_2_01005E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BB693	0_2_010BB693

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9992699795081967
Source: file.exe	Static PE information: Section: fwtvsnnj ZLIB complexity 0.9945599099864131

Source: classification engine

Classification label: mal100.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_010127B0 CoCreateInstance,

0_2_010127B0

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1867776 > 1048576

Source: file.exe

Static PE information: Raw size of fwtvsnnj is bigger than: 0x100000 < 0x19e000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.fe0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fwtvsnnj:EW;vcdokcsv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fwtvsnnj:EW;vcdokcsv:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1ccef5 should be: 0x1d6134

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: fwtvsnnj
Source: file.exe	Static PE information: section name: vcdokcsv
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push edi; mov dword ptr [esp], ecx	0_2_0104B18F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push 63B035C0h; mov dword ptr [esp], ecx	0_2_0104B1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push 6AF25632h; mov dword ptr [esp], eax	0_2_0104B29D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0104B179 push 2B666A9Ch; mov dword ptr [esp], ecx	0_2_0104B30B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], edi	0_2_011A1983
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push eax; mov dword ptr [esp], 5B79F75Ah	0_2_011A19DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 5C3D0EA0h; mov dword ptr [esp], edi	0_2_011A19FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 17CAFFE1h; mov dword ptr [esp], esi	0_2_011A1A5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], eax	0_2_011A1B37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 36DB771Bh; mov dword ptr [esp], ebx	0_2_011A1B4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push eax; mov dword ptr [esp], ebx	0_2_011A1BE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 53139CA7h; mov dword ptr [esp], ecx	0_2_011A1C54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edi; mov dword ptr [esp], esi	0_2_011A1CDD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 3EBD3286h; mov dword ptr [esp], ebp	0_2_011A1D4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push esi; mov dword ptr [esp], 55DFC73Bh	0_2_011A1D7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push eax; mov dword ptr [esp], ebx	0_2_011A1DA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 6CCF596Eh; mov dword ptr [esp], ecx	0_2_011A1DAA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 6C3D16EAh; mov dword ptr [esp], ecx	0_2_011A1DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 700761F3h; mov dword ptr [esp], ebx	0_2_011A1E7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ecx; mov dword ptr [esp], ebx	0_2_011A1E9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebp; mov dword ptr [esp], ecx	0_2_011A1EB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebp; mov dword ptr [esp], 5BDD07BCh	0_2_011A1EB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 27DC5529h; mov dword ptr [esp], edi	0_2_011A1EE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], ecx	0_2_011A1F26
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebp; mov dword ptr [esp], eax	0_2_011A1FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edx; mov dword ptr [esp], ebx	0_2_011A1FFD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ecx; mov dword ptr [esp], 7D765F1Ah	0_2_011A2001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edi; mov dword ptr [esp], 2DB3F096h	0_2_011A2018
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push 19FE5A3Ch; mov dword ptr [esp], ebx	0_2_011A203C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push edi; mov dword ptr [esp], edx	0_2_011A2078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011A1964 push ebx; mov dword ptr [esp], edx	0_2_011A208D

Source: file.exe	Static PE information: section name: entropy: 7.982113095110462
Source: file.exe	Static PE information: section name: fwtvsnnj entropy: 7.953020845003473

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103C9D1 second address: 103C9D6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BCECA second address: 11BCEE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c push edx 0x0000000d jns 00007F9668C559D6h 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BCEE2 second address: 11BCEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BCEE8 second address: 11BCEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB35 second address: 11AEB3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB3E second address: 11AEB42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB42 second address: 11AEB5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9668BCCCCDh 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AEB5A second address: 11AEB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BE8C7 second address: 11BE8FC instructions: 0x00000000 rdtsc 0x00000002 js 00007F9668BCCCC8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d push eax 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 pop eax 0x00000014 js 00007F9668BCCCC6h 0x0000001a popad 0x0000001b popad 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 jbe 00007F9668BCCCD1h 0x00000028 jmp 00007F9668BCCCCBh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BE8FC second address: 103C9D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a movsx ecx, bx 0x0000000d push dword ptr [ebp+122D1731h] 0x00000013 jbe 00007F9668C559DCh 0x00000019 mov dword ptr [ebp+122D278Ch], eax 0x0000001f call dword ptr [ebp+122D2780h] 0x00000025 pushad 0x00000026 pushad 0x00000027 pushad 0x00000028 or di, 6651h 0x0000002d xor dword ptr [ebp+122D1D7Ah], ebx 0x00000033 popad 0x00000034 mov esi, dword ptr [ebp+122D3678h] 0x0000003a popad 0x0000003b xor eax, eax 0x0000003d stc 0x0000003e mov edx, dword ptr [esp+28h] 0x00000042 jbe 00007F9668C559E2h 0x00000048 jbe 00007F9668C559DCh 0x0000004e mov dword ptr [ebp+122D3640h], eax 0x00000054 jo 00007F9668C559EDh 0x0000005a jp 00007F9668C559E7h 0x00000060 mov esi, 0000003Ch 0x00000065 jg 00007F9668C559E2h 0x0000006b jp 00007F9668C559DCh 0x00000071 add esi, dword ptr [esp+24h] 0x00000075 cld 0x00000076 lodsw 0x00000078 jmp 00007F9668C559E2h 0x0000007d add eax, dword ptr [esp+24h] 0x00000081 pushad 0x00000082 add dword ptr [ebp+122D1D86h], ebx 0x00000088 popad 0x00000089 mov ebx, dword ptr [esp+24h] 0x0000008d jnp 00007F9668C559ECh 0x00000093 jmp 00007F9668C559E6h 0x00000098 nop 0x00000099 push eax 0x0000009a push edx 0x0000009b jmp 00007F9668C559DEh 0x000000a0 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BE950 second address: 11BEA03 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9668BCCCDEh 0x00000008 jmp 00007F9668BCCCD8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F9668BCCCCEh 0x00000015 nop 0x00000016 mov ecx, dword ptr [ebp+122D3644h] 0x0000001c push 00000000h 0x0000001e mov dword ptr [ebp+122D1E0Ah], eax 0x00000024 push 4A054E08h 0x00000029 pushad 0x0000002a pushad 0x0000002b push eax 0x0000002c pop eax 0x0000002d jmp 00007F9668BCCCD0h 0x00000032 popad 0x00000033 js 00007F9668BCCCD5h 0x00000039 popad 0x0000003a xor dword ptr [esp], 4A054E88h 0x00000041 movsx edx, ax 0x00000044 push 00000003h 0x00000046 jmp 00007F9668BCCCCFh 0x0000004b mov cx, bx 0x0000004e push 00000000h 0x00000050 or dword ptr [ebp+122D270Bh], edx 0x00000056 push 00000003h 0x00000058 mov edi, dword ptr [ebp+122D35DCh] 0x0000005e mov dword ptr [ebp+122D1C1Fh], eax 0x00000064 push D52EB831h 0x00000069 push eax 0x0000006a push edx 0x0000006b push ebx 0x0000006c js 00007F9668BCCCC6h 0x00000072 pop ebx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BEA03 second address: 11BEA08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BEA08 second address: 11BEA6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 152EB831h 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F9668BCCCC8h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a lea ebx, dword ptr [ebp+124557BCh] 0x00000030 jmp 00007F9668BCCCD2h 0x00000035 push esi 0x00000036 mov edx, dword ptr [ebp+122D19FCh] 0x0000003c pop ecx 0x0000003d push eax 0x0000003e push ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F9668BCCCD3h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BEBFD second address: 11BEC03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BECD6 second address: 11BED05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 mov dx, cx 0x0000000b mov dword ptr [ebp+122D34CDh], ebx 0x00000011 push 00000000h 0x00000013 mov edi, dword ptr [ebp+122D3718h] 0x00000019 push E669A1A9h 0x0000001e pushad 0x0000001f jc 00007F9668BCCCCCh 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BED05 second address: 11BED09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DFCAA second address: 11DFCD3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F9668BCCCCEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007F9668BCCCD2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE140 second address: 11DE160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9668C559DBh 0x0000000c jmp 00007F9668C559DEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE160 second address: 11DE164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE529 second address: 11DE533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9668C559D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE533 second address: 11DE537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE537 second address: 11DE543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9668C559D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE543 second address: 11DE549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE549 second address: 11DE54D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DE6EE second address: 11DE6F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DEB45 second address: 11DEB66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E3h 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F9668C559D6h 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DEB66 second address: 11DEB6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF3F7 second address: 11DF438 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9668C559D6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9668C559E7h 0x00000016 jmp 00007F9668C559E9h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF438 second address: 11DF442 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6C4 second address: 11DF6C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6C8 second address: 11DF6D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6D0 second address: 11DF6F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jp 00007F9668C559D6h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F9668C559D6h 0x00000012 jmp 00007F9668C559DFh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DF6F1 second address: 11DF6F7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DFADB second address: 11DFAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11DFAE4 second address: 11DFAEE instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9668BCCCDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3650 second address: 11E3671 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F9668C559E4h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E3671 second address: 11E3675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24CD second address: 11E24DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24DE second address: 11E24E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F9668BCCCC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24E8 second address: 11E24FF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668C559D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F9668C559D6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E24FF second address: 11E2505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EB65F second address: 11EB685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F9668C559DCh 0x0000000b jns 00007F9668C559D6h 0x00000011 jmp 00007F9668C559DDh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAC74 second address: 11EAC79 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAC79 second address: 11EAC90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559DBh 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAC90 second address: 11EAC94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAFBE second address: 11EAFC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EAFC2 second address: 11EAFD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F9668BCCCC6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EB289 second address: 11EB28E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED3E6 second address: 11ED3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED3EB second address: 11ED3F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED3F2 second address: 11ED402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED5B2 second address: 11ED5B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED5B8 second address: 11ED5BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED5BC second address: 11ED5C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED96E second address: 11ED974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED974 second address: 11ED978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDE47 second address: 11EDE62 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9668BCCCCCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F9668BCCCC8h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDE62 second address: 11EDEA3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9668C559D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebx 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F9668C559D8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov edi, ecx 0x00000029 push eax 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F9668C559DFh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDF4F second address: 11EDF61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EDF61 second address: 11EDF67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE160 second address: 11EE164 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EE80A second address: 11EE80E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EF2EB second address: 11EF314 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9668BCCCCCh 0x00000008 je 00007F9668BCCCC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push edx 0x00000013 jmp 00007F9668BCCCD1h 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F022E second address: 11F0232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0232 second address: 11F0238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0238 second address: 11F025B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F186E second address: 11F188A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F9668BCCCD6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F0B91 second address: 11F0B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2DB3 second address: 11F2DBD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2DBD second address: 11F2DC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F2DC3 second address: 11F2DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F373C second address: 11F3741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3741 second address: 11F37A2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d mov esi, dword ptr [ebp+122D28BBh] 0x00000013 mov dword ptr [ebp+1246FB1Fh], edx 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F9668BCCCC8h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov esi, 18D37B59h 0x0000003a xchg eax, ebx 0x0000003b pushad 0x0000003c pushad 0x0000003d jmp 00007F9668BCCCD4h 0x00000042 push edi 0x00000043 pop edi 0x00000044 popad 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F37A2 second address: 11F37A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F790A second address: 11F7962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b mov bx, 31DFh 0x0000000f push eax 0x00000010 push edx 0x00000011 movzx edi, si 0x00000014 pop ebx 0x00000015 pop edi 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F9668BCCCC8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 mov ebx, eax 0x00000034 xchg eax, esi 0x00000035 pushad 0x00000036 jmp 00007F9668BCCCD7h 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e pop eax 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3501 second address: 11F3505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3FDF second address: 11F3FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F7962 second address: 11F7966 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F3FE5 second address: 11F3FEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F8909 second address: 11F890F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA895 second address: 11FA8D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov bx, si 0x0000000c push 00000000h 0x0000000e mov dword ptr [ebp+1247BCC8h], edx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F9668BCCCC8h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 xchg eax, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 jng 00007F9668BCCCC8h 0x00000039 push ecx 0x0000003a pop ecx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA8D2 second address: 11FA8D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FB8E6 second address: 11FB962 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c jmp 00007F9668BCCCCFh 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F9668BCCCC8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007F9668BCCCC8h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 0000001Ah 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 sub di, 755Bh 0x0000004d sub dword ptr [ebp+1247E199h], edx 0x00000053 xor edi, dword ptr [ebp+122D3744h] 0x00000059 push 00000000h 0x0000005b mov di, 6E4Ch 0x0000005f xchg eax, esi 0x00000060 push esi 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FB962 second address: 11FB968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FCA9D second address: 11FCAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F9668BCCCC6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FDA24 second address: 11FDA29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12016A9 second address: 1201727 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 jmp 00007F9668BCCCD5h 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F9668BCCCC8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F9668BCCCC8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 sub dword ptr [ebp+122D29B7h], eax 0x0000004b push 00000000h 0x0000004d sub ebx, dword ptr [ebp+122D3750h] 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F9668BCCCD1h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201727 second address: 1201731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F9668C559D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201731 second address: 1201735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120072F second address: 1200735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120185E second address: 1201867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1202836 second address: 120283C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1200735 second address: 120073A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203632 second address: 12036D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F9668C559D6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F9668C559D8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b mov edi, dword ptr [ebp+122D1DD2h] 0x00000031 push 00000000h 0x00000033 mov bx, 4203h 0x00000037 jmp 00007F9668C559E5h 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push esi 0x00000041 call 00007F9668C559D8h 0x00000046 pop esi 0x00000047 mov dword ptr [esp+04h], esi 0x0000004b add dword ptr [esp+04h], 00000014h 0x00000053 inc esi 0x00000054 push esi 0x00000055 ret 0x00000056 pop esi 0x00000057 ret 0x00000058 jmp 00007F9668C559E5h 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F9668C559E5h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1201867 second address: 120186B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120073A second address: 1200740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12036D0 second address: 12036DA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1200740 second address: 1200744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12028CB second address: 12028D1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1200744 second address: 1200748 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12028D1 second address: 12028EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668BCCCD5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204683 second address: 1204688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203901 second address: 1203913 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1204688 second address: 120468E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203913 second address: 1203918 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120468E second address: 120469B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203918 second address: 120391E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120469B second address: 12046E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop ebx 0x00000008 nop 0x00000009 sub edi, dword ptr [ebp+122D3808h] 0x0000000f push 00000000h 0x00000011 mov di, dx 0x00000014 and ebx, dword ptr [ebp+122D18D9h] 0x0000001a push 00000000h 0x0000001c mov ebx, 3D3BA420h 0x00000021 xchg eax, esi 0x00000022 jp 00007F9668C559DCh 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jg 00007F9668C559EDh 0x00000031 jmp 00007F9668C559E7h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1205766 second address: 120576B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1206889 second address: 1206899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F9668C559D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12058AB second address: 12058B0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12059A1 second address: 12059AB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12059AB second address: 12059AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9C02 second address: 11A9C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9C09 second address: 11A9C24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668BCCCD7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210769 second address: 1210774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210774 second address: 1210780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F9668BCCCC6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210780 second address: 1210784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12102EF second address: 1210320 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F9668BCCCDFh 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F9668BCCCD7h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210320 second address: 1210326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1210326 second address: 121032A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121032A second address: 121032E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121592D second address: 1215932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119F96B second address: 119F975 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9668C559D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219ABC second address: 1219AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F9668BCCCD5h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F9668BCCCC6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C3D second address: 1219C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C43 second address: 1219C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C47 second address: 1219C60 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F9668C559E1h 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C60 second address: 1219C84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c jns 00007F9668BCCCC6h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219C84 second address: 1219CA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668C559E9h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219DDD second address: 1219DFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007F9668BCCCC6h 0x0000000c popad 0x0000000d popad 0x0000000e jnp 00007F9668BCCCD4h 0x00000014 pushad 0x00000015 push edi 0x00000016 pop edi 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219F5E second address: 1219F77 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F9668C559E3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219F77 second address: 1219F83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jno 00007F9668BCCCC6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A0D9 second address: 121A0E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A0E1 second address: 121A10A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c jmp 00007F9668BCCCCEh 0x00000011 je 00007F9668BCCCCCh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A27C second address: 121A2AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E6h 0x00000007 jmp 00007F9668C559DFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007F9668C55A01h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121A2AF second address: 121A2B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B3A8D second address: 11B3AA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F9668C559E0h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E722 second address: 121E726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E726 second address: 121E755 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9668C559E3h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8BD second address: 121E8C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8C1 second address: 121E8D1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9668C559D6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8D1 second address: 121E8EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d popad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8EE second address: 121E8F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F9668C559D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E8F8 second address: 121E8FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECC2 second address: 121ECC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECC8 second address: 121ECCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECCC second address: 121ECD7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECD7 second address: 121ECDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121ECDD second address: 121ECE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E419 second address: 121E41F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E41F second address: 121E42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121E42B second address: 121E463 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD2h 0x00000007 jc 00007F9668BCCCC6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F9668BCCCD9h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F0F2 second address: 121F0F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F0F7 second address: 121F111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9668BCCCC6h 0x0000000a pop eax 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F111 second address: 121F116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F28E second address: 121F299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9668BCCCC6h 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F48AC second address: 11F48B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5375 second address: 11F537F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F56D9 second address: 11F56E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F9668C559D6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F56E7 second address: 11F56FB instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F58BC second address: 11F58C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F58C0 second address: 11F58C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F58C6 second address: 11F58CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A4B second address: 11F5A51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A51 second address: 11F5A60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A60 second address: 11F5A66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A66 second address: 11F5A6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A6C second address: 11F5A70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5A70 second address: 11F5A74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5BAD second address: 11F5BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F9668BCCCC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5BB8 second address: 11F5C50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a ja 00007F9668C559EFh 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007F9668C559D8h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D1DFAh], ebx 0x00000031 lea eax, dword ptr [ebp+1248B624h] 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F9668C559D8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 0000001Ch 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 je 00007F9668C559D6h 0x00000057 push eax 0x00000058 push edi 0x00000059 push eax 0x0000005a push edx 0x0000005b jp 00007F9668C559D6h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5C50 second address: 11F5CB3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f jo 00007F9668BCCCC9h 0x00000015 movzx esi, dx 0x00000018 mov edi, 31AE1F14h 0x0000001d popad 0x0000001e lea eax, dword ptr [ebp+1248B5E0h] 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007F9668BCCCC8h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 0000001Dh 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F9668BCCCD7h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226191 second address: 1226196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226196 second address: 12261A0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9668BCCCCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12261A0 second address: 12261A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226562 second address: 1226577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F9668BCCCC6h 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226577 second address: 122657B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122657B second address: 122658B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F9668BCCCC6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226708 second address: 122670E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122670E second address: 122673C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007F9668BCCCC8h 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F9668BCCCD7h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122673C second address: 1226740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226740 second address: 1226746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12268A7 second address: 12268E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F9668C559E3h 0x00000013 js 00007F9668C559D6h 0x00000019 popad 0x0000001a push ebx 0x0000001b jmp 00007F9668C559DFh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226B6A second address: 1226B78 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F9668BCCCC8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226B78 second address: 1226B7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1226B7E second address: 1226B82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BED6 second address: 122BEDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEDA second address: 122BEE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEE0 second address: 122BEE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEE6 second address: 122BEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BEEC second address: 122BEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C04F second address: 122C060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F9668BCCCCCh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C060 second address: 122C097 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E7h 0x00000007 jp 00007F9668C559DEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 push edi 0x00000016 jg 00007F9668C559D6h 0x0000001c pop edi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C1E4 second address: 122C1F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F9668BCCCC6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C33F second address: 122C34F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnp 00007F9668C559D6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C4CA second address: 122C4E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F9668BCCCC6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F9668BCCCCAh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C4E4 second address: 122C4EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C4EA second address: 122C4EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C631 second address: 122C637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C637 second address: 122C63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122C913 second address: 122C919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122CBFF second address: 122CC05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122CE87 second address: 122CEBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9668C559E8h 0x00000008 jmp 00007F9668C559DFh 0x0000000d jl 00007F9668C559D6h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122CEBE second address: 122CED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jg 00007F9668BCCCCEh 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D354 second address: 122D36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D36D second address: 122D371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122D371 second address: 122D377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BBB0 second address: 122BBD1 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9668BCCCD1h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BBD1 second address: 122BBDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122BBDA second address: 122BC07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 ja 00007F9668BCCCECh 0x0000000c je 00007F9668BCCCD2h 0x00000012 push ebx 0x00000013 jmp 00007F9668BCCCCCh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122EF54 second address: 122EF8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnl 00007F9668C559E7h 0x0000000b jmp 00007F9668C559E1h 0x00000010 pushad 0x00000011 jmp 00007F9668C559E8h 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1231B69 second address: 1231B71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DDDB second address: 119DDE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DDE1 second address: 119DE1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F9668BCCCD4h 0x0000000b jmp 00007F9668BCCCCCh 0x00000010 jnp 00007F9668BCCCC6h 0x00000016 popad 0x00000017 pop ecx 0x00000018 jbe 00007F9668BCCCE4h 0x0000001e pushad 0x0000001f jbe 00007F9668BCCCC6h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE1E second address: 119DE27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1235808 second address: 123580D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123580D second address: 123582B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9668C559E8h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12353AB second address: 12353AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237B70 second address: 1237B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123772F second address: 123774E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F9668BCCCD0h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jl 00007F9668BCCCC6h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123774E second address: 1237754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237754 second address: 1237758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237758 second address: 1237777 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007F9668C559E0h 0x00000010 pop ecx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1237777 second address: 123777D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123777D second address: 1237782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123AF92 second address: 123AFAD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F9668BCCCCEh 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123B125 second address: 123B147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 jmp 00007F9668C559E5h 0x0000000b pop edi 0x0000000c popad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243889 second address: 1243898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jg 00007F9668BCCCCAh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243898 second address: 124389F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12439CD second address: 1243A21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 jmp 00007F9668BCCCD1h 0x00000016 push ecx 0x00000017 jmp 00007F9668BCCCD7h 0x0000001c pop ecx 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243A21 second address: 1243A3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243A3C second address: 1243A47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F9668BCCCC6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1243BA2 second address: 1243BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5509 second address: 11F5512 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5512 second address: 11F556F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jl 00007F9668C559D6h 0x0000000f mov ebx, dword ptr [ebp+1248B61Fh] 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F9668C559D8h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f jmp 00007F9668C559E3h 0x00000034 add eax, ebx 0x00000036 sbb edi, 1D0B1A77h 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jnl 00007F9668C559D8h 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244131 second address: 1244154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668BCCCD3h 0x00000009 popad 0x0000000a pushad 0x0000000b jg 00007F9668BCCCC6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244154 second address: 124415A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124415A second address: 124416D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 jmp 00007F9668BCCCCAh 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124416D second address: 1244176 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BA5 second address: 1244BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BAB second address: 1244BAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BAF second address: 1244BB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1244BB3 second address: 1244BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124CF31 second address: 124CF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F9668BCCCD1h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9668BCCCCDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124D266 second address: 124D27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124D56D second address: 124D577 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124D577 second address: 124D586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F9668C559D6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1250A9D second address: 1250AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125119E second address: 12511A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12511A5 second address: 12511D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F9668BCCCCEh 0x00000010 pushad 0x00000011 jmp 00007F9668BCCCCCh 0x00000016 push edx 0x00000017 pop edx 0x00000018 pushad 0x00000019 popad 0x0000001a push esi 0x0000001b pop esi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125149A second address: 125149E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125149E second address: 12514C6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9668BCCCC6h 0x00000008 jmp 00007F9668BCCCD8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12514C6 second address: 12514CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1255D52 second address: 1255D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F9668BCCCD5h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125F1AB second address: 125F1C6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F9668C559E5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D96A second address: 125D976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9668BCCCC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D976 second address: 125D988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F9668C559DCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D988 second address: 125D996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9668BCCCCEh 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D996 second address: 125D99A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D99A second address: 125D99F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DAC6 second address: 125DAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F9668C559DCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DAD7 second address: 125DADE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDBA second address: 125DDBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDBE second address: 125DDCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F9668BCCCD2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDCC second address: 125DDD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDD2 second address: 125DDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DDD6 second address: 125DDDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DF1A second address: 125DF3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DF3A second address: 125DF46 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9668C559D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DF46 second address: 125DF59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCCDh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E8FF second address: 125E904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E904 second address: 125E92F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 push edi 0x00000009 jmp 00007F9668BCCCD5h 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 jne 00007F9668BCCCC6h 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E92F second address: 125E935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125E935 second address: 125E939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125CF49 second address: 125CF7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F9668C559DCh 0x0000000f jmp 00007F9668C559E2h 0x00000014 jo 00007F9668C559D6h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264B94 second address: 1264B9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264B9B second address: 1264BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9668C559DBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264566 second address: 126456A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 126456A second address: 1264581 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DDh 0x00000007 jnp 00007F9668C559D6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12646F0 second address: 1264706 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9668BCCCD0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1264874 second address: 126487C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 126487C second address: 12648A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668BCCCCBh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F9668BCCCCEh 0x00000014 jp 00007F9668BCCCC6h 0x0000001a popad 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127142B second address: 127145A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E1h 0x00000009 popad 0x0000000a pushad 0x0000000b jg 00007F9668C559D6h 0x00000011 jo 00007F9668C559D6h 0x00000017 popad 0x00000018 pushad 0x00000019 jne 00007F9668C559D6h 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12749EF second address: 12749F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12743E2 second address: 12743FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E1h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12743FD second address: 1274424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F9668BCCCC6h 0x0000000a popad 0x0000000b jmp 00007F9668BCCCD4h 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F9668BCCCC6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274424 second address: 1274437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 js 00007F9668C559EAh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274437 second address: 127443B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274593 second address: 1274597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274597 second address: 12745B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1278079 second address: 1278081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1278081 second address: 127808B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9668BCCCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127808B second address: 12780A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push ecx 0x00000009 jmp 00007F9668C559DFh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127D3EE second address: 127D3F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127D3F2 second address: 127D408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F9668C559D8h 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F9668C559D6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1285642 second address: 1285648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1285648 second address: 128564E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129035C second address: 1290362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128EF79 second address: 128EFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668C559E8h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F9668C559D6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128F25B second address: 128F261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128F261 second address: 128F265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 128F3FF second address: 128F405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1290092 second address: 1290097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1290097 second address: 12900AE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9668BCCCCCh 0x00000008 js 00007F9668BCCCC6h 0x0000000e pushad 0x0000000f jg 00007F9668BCCCC6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129291A second address: 1292934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129485C second address: 1294878 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD0h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1294878 second address: 129487C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129487C second address: 12948A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jng 00007F9668BCCCEDh 0x0000000f jmp 00007F9668BCCCD9h 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12943BA second address: 12943C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129451D second address: 1294559 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F9668BCCCCEh 0x00000008 ja 00007F9668BCCCC6h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F9668BCCCC8h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b jmp 00007F9668BCCCD8h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129D4A1 second address: 129D4A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129D4A5 second address: 129D4C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F1F1 second address: 129F1FB instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9668C559E2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F1FB second address: 129F20D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9668BCCCC6h 0x0000000a jbe 00007F9668BCCCCCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F20D second address: 129F218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129F218 second address: 129F21C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B060B second address: 12B0619 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B0619 second address: 12B0623 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9668BCCCCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B41C8 second address: 12B41CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12B41CC second address: 12B41D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CC651 second address: 12CC666 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9668C559D6h 0x00000008 jc 00007F9668C559D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CC666 second address: 12CC6A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9668BCCCD7h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007F9668BCCCC6h 0x00000013 jmp 00007F9668BCCCD6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CB724 second address: 12CB72C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CB87F second address: 12CB883 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CBBB6 second address: 12CBBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CDC2C second address: 12CDC31 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0808 second address: 12D0817 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0A3C second address: 12D0AA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668BCCCD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F9668BCCCD9h 0x0000000f nop 0x00000010 or dword ptr [ebp+122D1DF3h], edx 0x00000016 push dword ptr [ebp+122D1812h] 0x0000001c movsx edx, dx 0x0000001f call 00007F9668BCCCC9h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 jmp 00007F9668BCCCD6h 0x0000002c pop eax 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AA4 second address: 12D0AA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AA9 second address: 12D0AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9668BCCCC6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F9668BCCCCFh 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a jno 00007F9668BCCCC6h 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AD4 second address: 12D0AF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9668C559E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AF7 second address: 12D0AFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D0AFB second address: 12D0B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D1E73 second address: 12D1E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D1E79 second address: 12D1E9C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F9668C559D6h 0x0000000d jmp 00007F9668C559E4h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12D3E3A second address: 12D3E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9668BCCCCAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFD0A second address: 11EFD10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 103CA46 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 103C947 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 103A1A6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11F4932 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 12675C4 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 7044	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7044	Thread sleep time: -30000s >= -30000s			Jump to behavior

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.1575121229.00000000011C3000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1576433185.0000000001B43000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW;
Source: file.exe, 00000000.00000002.1576433185.0000000001B08000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1576433185.0000000001B43000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1575121229.00000000011C3000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0101DF70 LdrInitializeThunk,

0_2_0101DF70

Source: file.exe, file.exe, 00000000.00000002.1575121229.00000000011C3000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: >Program Manager

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1561818
Product:	CloudBasic
Start time:	11:32:13
Start date:	24.11.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	c7ffd9f68af166bc332ad19be70c3b5c
SHA1:	e19af1c281e963bdb378dd17b84706c51a87bb19
SHA256:	0b2957e10a9d6c29a680e112571ea46be5fedeac0ecc6f0097337f40d61a4cb1
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
file.exe