Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561923
MD5: 542cd6ef81cdd42518ba3baf58eb90e6
SHA1: b8ddd7bd3eae36806335a2c215863853c6c424f4
SHA256: 23f4575b36961a3121fbec04b3e803e020e9dea411cce529a02e6eb658cc0f60
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Suricata IDS alerts for network traffic
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.33.116:443 -> 192.168.2.8:49704 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], bl 0_2_002FCF05
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_002FC02B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ebx], al 0_2_00310870
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push eax 0_2_0032B860
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh 0_2_0032C040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], C18BC4BAh 0_2_0032C040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], 6DBC3610h 0_2_0032C040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh 0_2_0032C040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, eax 0_2_0032B8E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_0032B8E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+14h] 0_2_002F98F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push eax 0_2_0032F8D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, eax 0_2_0032F8D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx eax, byte ptr [esp+esi+000001E8h] 0_2_002FE0D8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+edx+14h] 0_2_002FE970
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_002FEA38
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax-65h] 0_2_002FE35B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], cl 0_2_00318CB0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_002FBC9D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, ebp 0_2_002F5C90
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, ebp 0_2_002F5C90
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edi*8], 4C697C35h 0_2_0032BCE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [eax+ecx] 0_2_002FAD00
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [edi] 0_2_00315E90
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax-58FA0F6Ch] 0_2_00330F60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h] 0_2_002F77D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [ebp+ebx*4+00h], ax 0_2_002F77D0

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49704 -> 104.21.33.116:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49704 -> 104.21.33.116:443
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.21.33.116 104.21.33.116
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 104.21.33.116:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49704 -> 104.21.33.116:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: property-imper.sbs
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: property-imper.sbs
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: property-imper.sbs
Source: file.exe, 00000000.00000002.1496657784.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/
Source: file.exe, 00000000.00000003.1495487272.0000000000F12000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495632957.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495559428.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1496731344.0000000000F15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1496657784.0000000000F06000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/api
Source: file.exe, 00000000.00000002.1496527747.0000000000EEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000EEC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/apiC
Source: file.exe, 00000000.00000003.1495632957.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000F06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1496657784.0000000000F06000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/apiM
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown HTTPS traffic detected: 104.21.33.116:443 -> 192.168.2.8:49704 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00329030 0_2_00329030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F89A0 0_2_002F89A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002FCF05 0_2_002FCF05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00310870 0_2_00310870
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F4040 0_2_002F4040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F6840 0_2_002F6840
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0032C040 0_2_0032C040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0032B8E0 0_2_0032B8E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F98F0 0_2_002F98F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0032F8D0 0_2_0032F8D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002FE0D8 0_2_002FE0D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002FE970 0_2_002FE970
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F61A0 0_2_002F61A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C5982 0_2_004C5982
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003241D0 0_2_003241D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C09B2 0_2_004C09B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F9210 0_2_002F9210
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002FB210 0_2_002FB210
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F4AC0 0_2_002F4AC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0030DB30 0_2_0030DB30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0030FB60 0_2_0030FB60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0036D36F 0_2_0036D36F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F2B80 0_2_002F2B80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C241C 0_2_004C241C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00318CB0 0_2_00318CB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00330C80 0_2_00330C80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B54F3 0_2_004B54F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F5C90 0_2_002F5C90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003224E0 0_2_003224E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F6CC0 0_2_002F6CC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F94D0 0_2_002F94D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00309530 0_2_00309530
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004C7558 0_2_004C7558
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002FAD00 0_2_002FAD00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00313D70 0_2_00313D70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048BD2A 0_2_0048BD2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F3580 0_2_002F3580
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00331580 0_2_00331580
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003BF58C 0_2_003BF58C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00317E20 0_2_00317E20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B165E 0_2_004B165E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00310650 0_2_00310650
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B9EC6 0_2_004B9EC6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00315E90 0_2_00315E90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004BEF5B 0_2_004BEF5B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00318770 0_2_00318770
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E876E 0_2_003E876E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00330F60 0_2_00330F60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003287B0 0_2_003287B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00311790 0_2_00311790
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0032C780 0_2_0032C780
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041278D 0_2_0041278D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004B0792 0_2_004B0792
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F27D0 0_2_002F27D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_002F77D0 0_2_002F77D0
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.999327612704918
Source: file.exe Static PE information: Section: euxtkkub ZLIB complexity 0.9940000281193762
Source: classification engine Classification label: mal100.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003227B0 CoCreateInstance, 0_2_003227B0
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: file.exe Static file information: File size 1878528 > 1048576
Source: file.exe Static PE information: Raw size of euxtkkub is bigger than: 0x100000 < 0x1a0c00

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.2f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;euxtkkub:EW;ttmnjqdd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;euxtkkub:EW;ttmnjqdd:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1d8c83 should be: 0x1d6a49
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: euxtkkub
Source: file.exe Static PE information: section name: ttmnjqdd
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00595859 push esi; mov dword ptr [esp], 4963FB10h 0_2_00595878
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00595859 push 32CBB7C8h; mov dword ptr [esp], ebx 0_2_005958EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00595859 push edi; mov dword ptr [esp], eax 0_2_00595910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004FD85E push ecx; mov dword ptr [esp], esi 0_2_004FD8CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00308028 push esp; ret 0_2_0030802B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005B0868 push ebx; mov dword ptr [esp], 1AD68EE0h 0_2_005B0872
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005B0868 push esi; mov dword ptr [esp], 502CB876h 0_2_005B09BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00596839 push 58DF42F3h; mov dword ptr [esp], esi 0_2_0059687D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00305057 push eax; iretd 0_2_00305058
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005AC030 push 5BC44554h; mov dword ptr [esp], edx 0_2_005AC0A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004E803B push edx; mov dword ptr [esp], 2C8BAC70h 0_2_004E8083
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005590D4 push esi; mov dword ptr [esp], edi 0_2_00559112
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005808D6 push ebp; mov dword ptr [esp], eax 0_2_00580903
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004DF0E7 push 56689AA5h; mov dword ptr [esp], edi 0_2_004DF6ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005878E8 push ebp; mov dword ptr [esp], 6DCC9028h 0_2_0058791E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005878E8 push ebx; mov dword ptr [esp], esi 0_2_0058793A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005878E8 push 3AD7AF7Dh; mov dword ptr [esp], eax 0_2_00587961
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005780EF push edi; mov dword ptr [esp], esi 0_2_005784B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0058D095 push 1A52A2A6h; mov dword ptr [esp], esp 0_2_0058D0B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0058D095 push edi; mov dword ptr [esp], 0B2F15D6h 0_2_0058D0C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0058D095 push 76C03E25h; mov dword ptr [esp], edi 0_2_0058D182
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0058C8BC push 2039066Dh; mov dword ptr [esp], eax 0_2_0058C8CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004EE8A7 push eax; mov dword ptr [esp], 4FFB6DA6h 0_2_004EE8F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00541953 push 04FEEF4Bh; mov dword ptr [esp], ebx 0_2_00541992
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052917F push 64EE862Bh; mov dword ptr [esp], ebx 0_2_00529D89
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052917F push 66DA49E7h; mov dword ptr [esp], esp 0_2_00529D92
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0030811F push esp; iretd 0_2_00308135
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00308100 push esp; iretd 0_2_00308102
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F811B push 5AD60994h; mov dword ptr [esp], ecx 0_2_004F812C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004F811B push 7BFE382Eh; mov dword ptr [esp], esp 0_2_004F8134
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005881C6 push 40335C28h; mov dword ptr [esp], eax 0_2_005881F0
Source: file.exe Static PE information: section name: entropy: 7.982670548763517
Source: file.exe Static PE information: section name: euxtkkub entropy: 7.953806103846816

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 34D3AF second address: 34CC51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F59556149A7h 0x00000009 popad 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D2786h], ecx 0x00000011 push dword ptr [ebp+122D13ADh] 0x00000017 cmc 0x00000018 call dword ptr [ebp+122D2729h] 0x0000001e pushad 0x0000001f cmc 0x00000020 xor eax, eax 0x00000022 jmp 00007F59556149A4h 0x00000027 mov edx, dword ptr [esp+28h] 0x0000002b pushad 0x0000002c add edx, dword ptr [ebp+122D37F9h] 0x00000032 mov si, ax 0x00000035 popad 0x00000036 mov dword ptr [ebp+122D3AF9h], eax 0x0000003c or dword ptr [ebp+122D21CCh], edi 0x00000042 mov esi, 0000003Ch 0x00000047 js 00007F595561499Ch 0x0000004d add esi, dword ptr [esp+24h] 0x00000051 pushad 0x00000052 mov bx, 3189h 0x00000056 mov dword ptr [ebp+122D21CCh], esi 0x0000005c popad 0x0000005d lodsw 0x0000005f cld 0x00000060 add eax, dword ptr [esp+24h] 0x00000064 pushad 0x00000065 pushad 0x00000066 add eax, 41EABC8Eh 0x0000006c mov dword ptr [ebp+122D21CCh], ebx 0x00000072 popad 0x00000073 call 00007F59556149A8h 0x00000078 mov esi, eax 0x0000007a pop edi 0x0000007b popad 0x0000007c mov ebx, dword ptr [esp+24h] 0x00000080 cld 0x00000081 nop 0x00000082 push edi 0x00000083 push eax 0x00000084 push edx 0x00000085 push eax 0x00000086 pop eax 0x00000087 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BB457 second address: 4BB468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jl 00007F5954CE94A6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BB468 second address: 4BB46C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BB46C second address: 4BB472 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BB472 second address: 4BB47E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F5955614996h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BB47E second address: 4BB482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BB482 second address: 4BB4B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F595561499Ch 0x00000012 jc 00007F5955614996h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CB575 second address: 4CB579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CB579 second address: 4CB57F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CB57F second address: 4CB58B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CB58B second address: 4CB58F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CB58F second address: 4CB5AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CB88B second address: 4CB895 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CB895 second address: 4CB89C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CBB26 second address: 4CBB2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CBB2B second address: 4CBB31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CBB31 second address: 4CBB37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CBB37 second address: 4CBB3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF068 second address: 4CF0E1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F595561499Ch 0x0000000c jnp 00007F5955614996h 0x00000012 popad 0x00000013 xor dword ptr [esp], 0D53EE8Bh 0x0000001a push edx 0x0000001b jl 00007F5955614998h 0x00000021 push edi 0x00000022 pop ecx 0x00000023 pop edx 0x00000024 adc dl, FFFFFFA1h 0x00000027 push 00000003h 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c mov edi, dword ptr [ebp+122D3A11h] 0x00000032 add ch, 0000000Eh 0x00000035 popad 0x00000036 push 00000003h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007F5955614998h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 00000014h 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 jno 00007F595561499Ch 0x00000058 call 00007F5955614999h 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F595561499Dh 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF0E1 second address: 4CF0E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF0E5 second address: 4CF119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F5955614998h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F59556149A6h 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jp 00007F5955614998h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF119 second address: 4CF123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F5954CE94A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF123 second address: 4CF13F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F595561499Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF332 second address: 4CF33C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5954CE94ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF3D4 second address: 4CF3D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF4B6 second address: 4CF4BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF4BA second address: 4CF4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF4C0 second address: 4CF501 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5954CE94ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 69A4DBB0h 0x00000011 jnc 00007F5954CE94ACh 0x00000017 lea ebx, dword ptr [ebp+12455F0Dh] 0x0000001d jmp 00007F5954CE94B2h 0x00000022 push eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4CF501 second address: 4CF505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E1730 second address: 4E1734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDA82 second address: 4EDAA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5955614996h 0x0000000a jmp 00007F59556149A1h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDAA1 second address: 4EDAAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5954CE94A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDAAB second address: 4EDABB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDABB second address: 4EDAC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDAC1 second address: 4EDAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDAC5 second address: 4EDACB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDACB second address: 4EDAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDEB0 second address: 4EDEB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDEB4 second address: 4EDF05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A8h 0x00000007 jc 00007F5955614996h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 pushad 0x00000011 jmp 00007F59556149A8h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F595561499Dh 0x0000001d jnl 00007F5955614996h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDF05 second address: 4EDF09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EDF09 second address: 4EDF0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE1FF second address: 4EE205 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE205 second address: 4EE222 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5955614996h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F595561499Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE7A9 second address: 4EE7AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE7AF second address: 4EE7B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE7B5 second address: 4EE7B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EE7B9 second address: 4EE7BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E2CF4 second address: 4E2CFE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EEBFD second address: 4EEC01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EEC01 second address: 4EEC1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5954CE94AEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EEC1B second address: 4EEC1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EEC1F second address: 4EEC29 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF838 second address: 4EF842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5955614996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF842 second address: 4EF855 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94AFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF855 second address: 4EF85B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F49A7 second address: 4F49AD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F49AD second address: 4F49E4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F59556149A3h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d js 00007F59556149B1h 0x00000013 pushad 0x00000014 jmp 00007F59556149A3h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F3140 second address: 4F3144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F4B07 second address: 4F4B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F7A9E second address: 4F7AA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FD578 second address: 4FD582 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FCA0B second address: 4FCA0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FCA0F second address: 4FCA13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FCB5F second address: 4FCB68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FCB68 second address: 4FCB6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FD124 second address: 4FD12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FD275 second address: 4FD281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 ja 00007F5955614996h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FD3E9 second address: 4FD3ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FD3ED second address: 4FD401 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5955614996h 0x00000008 jc 00007F5955614996h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FD401 second address: 4FD405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FD405 second address: 4FD41C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push edi 0x0000000a jmp 00007F595561499Ah 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF25B second address: 4FF264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FF300 second address: 4FF337 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 jg 00007F595561499Ch 0x00000016 pop eax 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F59556149A6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FFE13 second address: 4FFE17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FFE17 second address: 4FFE25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F595561499Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FFEE1 second address: 4FFEE7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FFFA1 second address: 4FFFB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 500193 second address: 500197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5004B0 second address: 5004B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 500A6A second address: 500AFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F5954CE94A8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov esi, 67CD75C5h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F5954CE94A8h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 00000019h 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 mov dword ptr [ebp+122D2144h], ebx 0x0000004e push 00000000h 0x00000050 mov di, 2B5Ch 0x00000054 and si, F531h 0x00000059 xchg eax, ebx 0x0000005a pushad 0x0000005b jbe 00007F5954CE94A8h 0x00000061 pushad 0x00000062 popad 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F5954CE94B3h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 500AFD second address: 500B26 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F59556149ABh 0x00000014 jmp 00007F59556149A5h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 501624 second address: 50162B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5047F7 second address: 504819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007F595561499Bh 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F595561499Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5052EF second address: 505306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jnp 00007F5954CE94A6h 0x00000010 jc 00007F5954CE94A6h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 505EC6 second address: 505ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 505ECC second address: 505EE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5954CE94B0h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 505EE3 second address: 505EE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 506967 second address: 506981 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 509E8F second address: 509E93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 509E93 second address: 509EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5954CE94AFh 0x00000012 pop edx 0x00000013 nop 0x00000014 mov ebx, dword ptr [ebp+122D26E3h] 0x0000001a push 00000000h 0x0000001c sub di, E1D9h 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push edi 0x00000026 call 00007F5954CE94A8h 0x0000002b pop edi 0x0000002c mov dword ptr [esp+04h], edi 0x00000030 add dword ptr [esp+04h], 0000001Ch 0x00000038 inc edi 0x00000039 push edi 0x0000003a ret 0x0000003b pop edi 0x0000003c ret 0x0000003d movzx ebx, bx 0x00000040 xchg eax, esi 0x00000041 push eax 0x00000042 push edx 0x00000043 push ebx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 509EED second address: 509EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50E40B second address: 50E411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51257A second address: 512581 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 512581 second address: 5125C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a sbb ebx, 1D9AECEFh 0x00000010 push 00000000h 0x00000012 mov ebx, 1A069B15h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007F5954CE94A8h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 xchg eax, esi 0x00000034 pushad 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5146C8 second address: 5146DA instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5146DA second address: 5146DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 506733 second address: 50675A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F5955614998h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5146DE second address: 5146E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5158D8 second address: 515905 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F595561499Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b ja 00007F595561499Ch 0x00000011 pushad 0x00000012 jmp 00007F595561499Dh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 515905 second address: 515950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 mov bl, 6Bh 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F5954CE94A8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 sub edi, 0B74487Dh 0x0000002d xchg eax, esi 0x0000002e push ecx 0x0000002f push eax 0x00000030 jp 00007F5954CE94A6h 0x00000036 pop eax 0x00000037 pop ecx 0x00000038 push eax 0x00000039 push esi 0x0000003a push eax 0x0000003b push edx 0x0000003c jg 00007F5954CE94A6h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51695C second address: 516961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 516961 second address: 516978 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5954CE94A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jng 00007F5954CE94B0h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B11C8 second address: 4B11D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B11D1 second address: 4B11DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B11DA second address: 4B11DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B11DE second address: 4B11E8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5954CE94A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5223CB second address: 5223E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5223E7 second address: 5223EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5223EB second address: 5223F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5223F7 second address: 5223FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5223FD second address: 522401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 522401 second address: 52240B instructions: 0x00000000 rdtsc 0x00000002 js 00007F5954CE94A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AF743 second address: 4AF764 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AF764 second address: 4AF771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F5954CE94A6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 521C2C second address: 521C4E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F59556149A4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F595561499Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 521C4E second address: 521C52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 521DDC second address: 521DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52806C second address: 52807D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jng 00007F5954CE94A6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BD046 second address: 4BD052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5955614998h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4BD052 second address: 4BD088 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B7h 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a ja 00007F5954CE94A6h 0x00000010 jmp 00007F5954CE94B2h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 528B40 second address: 528B46 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 528DEE second address: 528E09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 js 00007F5954CE94A8h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push ecx 0x00000011 jo 00007F5954CE94A6h 0x00000017 pop ecx 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 528E09 second address: 528E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F595561499Dh 0x0000000f mov eax, dword ptr [eax] 0x00000011 push edx 0x00000012 jmp 00007F595561499Fh 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53007B second address: 530081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 509053 second address: 50906A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F59556149A1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50A144 second address: 50A148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50D2F5 second address: 50D2FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50E5B0 second address: 50E5B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50E5B6 second address: 50E5CD instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5955614998h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F5955614998h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50E5CD second address: 50E5D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5116FC second address: 511718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F595561499Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F5955614996h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 512729 second address: 51272D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51272D second address: 512731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 517AD5 second address: 517AEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5954CE94B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 517AEB second address: 517B02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F595561499Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 517B02 second address: 517B08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 517B08 second address: 517B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 518B47 second address: 518B51 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52EDDB second address: 52EDE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52EDE0 second address: 52EDFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5954CE94B7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52EDFB second address: 52EE09 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F5955614996h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52EE09 second address: 52EE0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52F6FE second address: 52F723 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F5955614996h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F59556149A6h 0x00000011 push ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52FA2B second address: 52FA5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B1h 0x00000007 jl 00007F5954CE94C0h 0x0000000d jmp 00007F5954CE94B4h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52FF54 second address: 52FF58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 533B1C second address: 533B22 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 533B22 second address: 533B51 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F59556149A6h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jnp 00007F595561499Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 533B51 second address: 533B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5384D3 second address: 5384DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5384DA second address: 5384E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5384E3 second address: 5384E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 538958 second address: 53895E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 538F27 second address: 538F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F595561499Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 538F40 second address: 538F46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 539338 second address: 539357 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 539357 second address: 539368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F5954CE94A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 539368 second address: 53937A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jp 00007F5955614996h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B2DB9 second address: 4B2DDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94ABh 0x00000007 jp 00007F5954CE94A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007F5954CE94A8h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B2DDA second address: 4B2DE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5955614996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 541833 second address: 541839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 541839 second address: 54183D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 541CAF second address: 541CBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jnp 00007F5954CE94A6h 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 541E1C second address: 541E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 541E26 second address: 541E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 541E2E second address: 541E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54227A second address: 54227E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5423D7 second address: 5423E7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jbe 00007F5955614996h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5423E7 second address: 5423FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5423FE second address: 542404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 542404 second address: 542433 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jne 00007F5954CE94A6h 0x00000010 pop ebx 0x00000011 popad 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 jc 00007F5954CE94A6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 542433 second address: 542437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 542437 second address: 542448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 ja 00007F5954CE94A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 542448 second address: 54244E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5425A7 second address: 5425C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5954CE94B5h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E394B second address: 4E3956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5955614996h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E3956 second address: 4E3966 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94ABh 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C54A6 second address: 4C54B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F595561499Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C54B4 second address: 4C54C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54138D second address: 5413ED instructions: 0x00000000 rdtsc 0x00000002 je 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop esi 0x00000010 pushad 0x00000011 jmp 00007F595561499Eh 0x00000016 jmp 00007F595561499Eh 0x0000001b pushad 0x0000001c popad 0x0000001d jnp 00007F5955614996h 0x00000023 popad 0x00000024 popad 0x00000025 pushad 0x00000026 jmp 00007F595561499Ch 0x0000002b push ebx 0x0000002c jmp 00007F595561499Eh 0x00000031 ja 00007F5955614996h 0x00000037 pop ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a push edx 0x0000003b pop edx 0x0000003c push ecx 0x0000003d pop ecx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5477F9 second address: 547817 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94ADh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jp 00007F5954CE94A6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE16E second address: 4FE194 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F59556149A3h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jbe 00007F5955614996h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE194 second address: 4FE19A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE385 second address: 4FE3AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 mov dword ptr [esp], esi 0x0000000b and ecx, dword ptr [ebp+122D3905h] 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F59556149A1h 0x0000001a jmp 00007F595561499Bh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE563 second address: 4FE56D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE56D second address: 4FE572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEAF1 second address: 4FEAFB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEAFB second address: 4FEB00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEB00 second address: 4FEB3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jg 00007F5954CE94AEh 0x0000000e jc 00007F5954CE94A8h 0x00000014 pushad 0x00000015 popad 0x00000016 nop 0x00000017 xor edi, dword ptr [ebp+122D382Dh] 0x0000001d push 0000001Eh 0x0000001f or dword ptr [ebp+122D1953h], eax 0x00000025 nop 0x00000026 jng 00007F5954CE94B2h 0x0000002c jmp 00007F5954CE94ACh 0x00000031 push eax 0x00000032 pushad 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEB3D second address: 4FEB4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5955614996h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEECA second address: 4FEEE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jbe 00007F5954CE94A6h 0x0000000f jns 00007F5954CE94A6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEF7E second address: 4FEF82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEF82 second address: 4E394B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F5954CE94B9h 0x00000011 jno 00007F5954CE94ACh 0x00000017 popad 0x00000018 nop 0x00000019 jo 00007F5954CE94A9h 0x0000001f movsx ecx, ax 0x00000022 call dword ptr [ebp+122D2B46h] 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F5954CE94ACh 0x0000002f push ecx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 546FCD second address: 546FE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F595561499Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 546FE0 second address: 547015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007F5954CE94C8h 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 547015 second address: 547022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 js 00007F59556149A2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5472DD second address: 5472E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5472E1 second address: 547301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F59556149A8h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 547301 second address: 547305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 547305 second address: 547312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 547312 second address: 547318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 547318 second address: 547320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 547320 second address: 547346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5954CE94A6h 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 jnc 00007F5954CE94A6h 0x00000017 pop edi 0x00000018 je 00007F5954CE94AEh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 547346 second address: 547361 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F59556149A5h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54994B second address: 549953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 549953 second address: 54997E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F59556149A1h 0x0000000d jg 00007F59556149A2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 549ADC second address: 549AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 549AE4 second address: 549AE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54C64B second address: 54C651 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CA38 second address: 54CA45 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CA45 second address: 54CA63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5954CE94B1h 0x00000009 pop esi 0x0000000a jc 00007F5954CE94ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55368D second address: 5536AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F59556149A8h 0x00000009 pop ebx 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5536AD second address: 5536B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5536B3 second address: 5536B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5536B8 second address: 5536CC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5954CE94AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5536CC second address: 5536E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jnp 00007F595561499Eh 0x00000011 jno 00007F5955614996h 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 553834 second address: 553839 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 553B13 second address: 553B17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE90A second address: 4FE942 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5954CE94B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE942 second address: 4FE946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE9E8 second address: 4FE9EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FE9EE second address: 4FE9F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 554AE2 second address: 554AEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 554AEA second address: 554AEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559429 second address: 559439 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5954CE94A6h 0x00000008 jbe 00007F5954CE94A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559439 second address: 559440 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559440 second address: 559451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jo 00007F5954CE94C4h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559451 second address: 559457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559457 second address: 55945B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55945B second address: 559465 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5955614996h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55913F second address: 559143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559143 second address: 559147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559147 second address: 55915B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5954CE94ABh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55915B second address: 559163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D360 second address: 55D366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D366 second address: 55D376 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D376 second address: 55D37A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55C921 second address: 55C940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F59556149A0h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F5955614996h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55C940 second address: 55C946 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55C946 second address: 55C966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 jbe 00007F5955614996h 0x0000000f popad 0x00000010 popad 0x00000011 push ecx 0x00000012 jbe 00007F59556149A2h 0x00000018 jnl 00007F5955614996h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CEBA second address: 55CEC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007F5954CE94ACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CEC7 second address: 55CED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56536E second address: 565374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56346D second address: 563473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 563473 second address: 563477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 563477 second address: 5634A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F595561499Ah 0x00000007 jmp 00007F595561499Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F59556149A0h 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 563749 second address: 56376C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F5954CE94B0h 0x00000008 jnl 00007F5954CE94A6h 0x0000000e pop esi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56376C second address: 563770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 564227 second address: 56422E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 564823 second address: 564838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F59556149A1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 564DE4 second address: 564DE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56D888 second address: 56D8C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F59556149A0h 0x00000007 jmp 00007F59556149A1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jnc 00007F5955614996h 0x00000015 jnc 00007F5955614996h 0x0000001b jmp 00007F595561499Bh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DB78 second address: 56DB83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DB83 second address: 56DBB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5955614996h 0x0000000a jg 00007F5955614996h 0x00000010 popad 0x00000011 pushad 0x00000012 jnp 00007F59556149ADh 0x00000018 jmp 00007F59556149A7h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DBB6 second address: 56DBBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DBBC second address: 56DBC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DBC0 second address: 56DBE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B8h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F5954CE94AEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56DD6E second address: 56DD72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56E180 second address: 56E186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 577A4F second address: 577A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e jns 00007F5955614998h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 576287 second address: 57628D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57628D second address: 576291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57654A second address: 57654E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57654E second address: 57656B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F59556149A3h 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 576807 second address: 57680B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57680B second address: 576811 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 576811 second address: 57681E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57681E second address: 57686B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F59556149A0h 0x00000009 jl 00007F5955614996h 0x0000000f popad 0x00000010 popad 0x00000011 push esi 0x00000012 pushad 0x00000013 jmp 00007F59556149A7h 0x00000018 jmp 00007F59556149A6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57686B second address: 576875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5769BE second address: 5769C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5769C2 second address: 5769DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5954CE94AFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 577930 second address: 577935 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D331 second address: 57D33B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5954CE94A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D33B second address: 57D341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D341 second address: 57D346 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D346 second address: 57D35F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F59556149A3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D35F second address: 57D370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F5954CE94AEh 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D4CD second address: 57D4E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5955614996h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ecx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57FDE3 second address: 57FDE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57FDE9 second address: 57FDEF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57FDEF second address: 57FDF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57FDF6 second address: 57FDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A344 second address: 58A349 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A349 second address: 58A350 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A350 second address: 58A365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A365 second address: 58A37F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F59556149A6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58CDE5 second address: 58CDF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F5954CE94AAh 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58CDF6 second address: 58CDFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58CDFC second address: 58CE0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5954CE94AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58CE0E second address: 58CE12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58CE12 second address: 58CE18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58CE18 second address: 58CE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F5955614996h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58C801 second address: 58C813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 597EB8 second address: 597ECA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F5955614996h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 597ECA second address: 597EE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F5954CE94ADh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B643E second address: 4B6444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B6444 second address: 4B6467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5954CE94A6h 0x0000000a js 00007F5954CE94A6h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 pop eax 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 pop eax 0x00000017 popad 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jns 00007F5954CE94A6h 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B6467 second address: 4B646B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A740A second address: 5A7424 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7424 second address: 5A7432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F5955614998h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7432 second address: 5A7447 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B0h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7447 second address: 5A744D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7B7C second address: 5A7B8F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7E7E second address: 5A7EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jmp 00007F595561499Eh 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnc 00007F59556149ADh 0x00000015 jmp 00007F59556149A4h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7EC7 second address: 5A7ECE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC44D second address: 5AC462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007F59556149AAh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f jnp 00007F5955614996h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC462 second address: 5AC466 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5ABF85 second address: 5ABF99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F595561499Ch 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC0EB second address: 5AC0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC0F5 second address: 5AC102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5955614996h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC102 second address: 5AC10E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F5954CE94A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC10E second address: 5AC112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC112 second address: 5AC128 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC128 second address: 5AC138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F5955614996h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC138 second address: 5AC13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B056B second address: 5B056F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B056F second address: 5B0573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B4974 second address: 4B4980 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jbe 00007F5955614996h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA56B second address: 5BA571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA571 second address: 5BA575 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BC8DD second address: 5BC8FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F5954CE94B9h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BC8FC second address: 5BC928 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F595561499Eh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F595561499Ch 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push edx 0x00000019 push edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CE6B4 second address: 5CE6B9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CE6B9 second address: 5CE6BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CE809 second address: 5CE823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5954CE94A6h 0x0000000a pop esi 0x0000000b push esi 0x0000000c jno 00007F5954CE94A6h 0x00000012 pop esi 0x00000013 pop eax 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edi 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CE823 second address: 5CE82B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E453C second address: 5E456F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F5954CE94AAh 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5954CE94B6h 0x00000015 push esi 0x00000016 jng 00007F5954CE94A6h 0x0000001c pop esi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E456F second address: 5E4574 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E346C second address: 5E3470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E386C second address: 5E3871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E39A0 second address: 5E39BB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jo 00007F5954CE94A6h 0x00000015 push edi 0x00000016 pop edi 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E39BB second address: 5E39ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5955614996h 0x0000000a popad 0x0000000b pushad 0x0000000c jg 00007F5955614996h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F595561499Ch 0x00000019 popad 0x0000001a popad 0x0000001b ja 00007F59556149B6h 0x00000021 pushad 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E39ED second address: 5E39F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E3DFC second address: 5E3E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E3E00 second address: 5E3E33 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5954CE94A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jmp 00007F5954CE94B8h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop ecx 0x00000016 push ecx 0x00000017 push esi 0x00000018 pop esi 0x00000019 jc 00007F5954CE94A6h 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E3E33 second address: 5E3E4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F595561499Ah 0x00000009 jmp 00007F595561499Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E3E4E second address: 5E3E6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5954CE94B1h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E3E6B second address: 5E3E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E4220 second address: 5E422A instructions: 0x00000000 rdtsc 0x00000002 je 00007F5954CE94A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E422A second address: 5E4233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E4233 second address: 5E4239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5FEA second address: 5E5FF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5FF2 second address: 5E6018 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5954CE94B5h 0x00000007 ja 00007F5954CE94A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E6018 second address: 5E603B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 je 00007F59556149B6h 0x0000000d jmp 00007F595561499Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F5955614996h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E603B second address: 5E603F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5E38 second address: 5E5E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5E3C second address: 5E5E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5E40 second address: 5E5E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5E48 second address: 5E5E4D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5E4D second address: 5E5E7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F595561499Eh 0x00000011 jmp 00007F59556149A5h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5E7F second address: 5E5E89 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5954CE94ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E8F49 second address: 5E8F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E8F56 second address: 5E8F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E8F5B second address: 5E8F9A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5955614998h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dx, cx 0x0000000e push dword ptr [ebp+122D21A4h] 0x00000014 mov dword ptr [ebp+122D31A5h], ecx 0x0000001a mov edx, eax 0x0000001c push 3F71B4CEh 0x00000021 pushad 0x00000022 pushad 0x00000023 jmp 00007F59556149A4h 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b push edi 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5EA28F second address: 5EA2A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5954CE94ADh 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5EA2A7 second address: 5EA2B1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5955614996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5EA2B1 second address: 5EA2B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5EA2B7 second address: 5EA2CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F595561499Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5EA2CA second address: 5EA2CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 34CBED instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 34CCA5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 51C536 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 58143A instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 1292 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5648 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.1495863381.00000000004D6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1496527747.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000E78000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1496527747.0000000000E78000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1495270125.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1495863381.00000000004D6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0032DF70 LdrInitializeThunk, 0_2_0032DF70
Source: file.exe, file.exe, 00000000.00000002.1495863381.00000000004D6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1561923 Sample: file.exe Startdate: 24/11/2024 Architecture: WINDOWS Score: 100 10 property-imper.sbs 2->10 14 Suricata IDS alerts for network traffic 2->14 16 Antivirus / Scanner detection for submitted sample 2->16 18 Machine Learning detection for sample 2->18 20 2 other signatures 2->20 6 file.exe 2->6         started        signatures3 process4 dnsIp5 12 property-imper.sbs 104.21.33.116, 443, 49704, 49705 CLOUDFLARENETUS United States 6->12 22 Detected unpacking (changes PE section rights) 6->22 24 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->24 26 Tries to evade debugger and weak emulator (self modifying code) 6->26 28 4 other signatures 6->28 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.33.116
 property-imper.sbs United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
property-imper.sbs 104.21.33.116 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://property-imper.sbs/api false
    		high