Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562030
MD5: 8453f1d8df8f15f1bbc160bd225b7df3
SHA1: 4b62adaf743ed29ba865c424d24f73259fd08d5f
SHA256: 52eada2c59ecea03387a3b6fa6a1e557cd5f32ebfc4f478c2e6800f56e25eef0
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: https://frogs-severz.sbs/w Avira URL Cloud: Label: malware
Source: https://frogs-severz.sbs/api Avira URL Cloud: Label: malware
Source: https://frogs-severz.sbs/apin Avira URL Cloud: Label: malware
Source: https://frogs-severz.sbs/ Avira URL Cloud: Label: malware
Source: file.exe Virustotal: Detection: 50%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.88.250:443 -> 192.168.2.7:49705 version: TLS 1.2

Networking

Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49705 -> 104.21.88.250:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49705 -> 104.21.88.250:443
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49705 -> 104.21.88.250:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49707 -> 104.21.88.250:443
Source: global traffic HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: frogs-severz.sbs
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic DNS traffic detected: DNS query: frogs-severz.sbs
Source: unknown HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: frogs-severz.sbs
Source: file.exe, 00000005.00000003.1345252759.000000000173F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346505388.0000000001742000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microsoftb
Source: file.exe, 00000005.00000003.1345252759.000000000174A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346505388.000000000174A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346187098.00000000016FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frogs-severz.sbs/
Source: file.exe, 00000005.00000003.1345252759.000000000174A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346505388.000000000174A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000003.1345190059.0000000001751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346505388.0000000001756000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frogs-severz.sbs/api
Source: file.exe, 00000005.00000002.1346187098.00000000016E6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frogs-severz.sbs/apin
Source: file.exe, 00000005.00000003.1345252759.000000000174A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000005.00000002.1346505388.000000000174A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frogs-severz.sbs/w
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown HTTPS traffic detected: 104.21.88.250:443 -> 192.168.2.7:49705 version: TLS 1.2

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9992443647540984
Source: file.exe Static PE information: Section: rujnmhpu ZLIB complexity 0.9942296429910045
Source: classification engine Classification label: mal100.evad.winEXE@1/0@2/1
Source: C:\Users\user\Desktop\file.exe Code function: 5_2_00E627B0 CoCreateInstance, 5_2_00E627B0
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe Virustotal: Detection: 50%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: file.exe Static file information: File size 1879040 > 1048576
Source: file.exe Static PE information: Raw size of rujnmhpu is bigger than: 0x100000 < 0x1a0e00

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 5.2.file.exe.e30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rujnmhpu:EW;bfyrfdky:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rujnmhpu:EW;bfyrfdky:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1cf736 should be: 0x1d238f
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: rujnmhpu
Source: file.exe Static PE information: section name: bfyrfdky
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.9830267729782625
Source: file.exe Static PE information: section name: rujnmhpu entropy: 7.953499321906515

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1005655 second address: 1005683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007FBC40C70F31h 0x0000000b pop esi 0x0000000c pushad 0x0000000d jmp 00007FBC40C70F2Bh 0x00000012 jno 00007FBC40C70F26h 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1033C93 second address: 1033C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103427D second address: 103429A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C70F35h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103429A second address: 103429E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1034528 second address: 1034530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1034530 second address: 103455E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FBC40C6A88Eh 0x00000012 jne 00007FBC40C6A886h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FBC40C6A88Ch 0x00000021 jno 00007FBC40C6A886h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103455E second address: 1034562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1034562 second address: 103456E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FBC40C6A886h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1034BC1 second address: 1034BC7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1029EC3 second address: 1029EDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FBC40C6A886h 0x0000000a popad 0x0000000b jng 00007FBC40C6A88Ch 0x00000011 jg 00007FBC40C6A886h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1029EDA second address: 1029EE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FBC40C70F26h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1034E52 second address: 1034E5C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10355A8 second address: 10355AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1035878 second address: 1035896 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FBC40C6A88Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jg 00007FBC40C6A886h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1035896 second address: 10358BD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBC40C70F26h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007FBC40C70F35h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1037382 second address: 103738D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 103738D second address: 1037393 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1042B07 second address: 1042B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF9955 second address: FF9959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1042390 second address: 1042399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1042684 second address: 10426A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBC40C70F2Ah 0x00000009 pushad 0x0000000a jmp 00007FBC40C70F34h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10426A9 second address: 10426B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1042850 second address: 104285B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104285B second address: 104285F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104285F second address: 1042872 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C70F2Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1042872 second address: 104287B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1044B32 second address: 1044B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FBC40C70F26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1044DDD second address: 1044E10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A896h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jnl 00007FBC40C6A893h 0x00000011 jmp 00007FBC40C6A88Dh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1044E10 second address: 1044E14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1044E14 second address: 1044E18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1044EB3 second address: 1044ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBC40C70F35h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10450B2 second address: 10450B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10450B8 second address: 10450BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1045161 second address: 1045166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1045650 second address: 1045691 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBC40C70F28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007FBC40C70F30h 0x00000011 pushad 0x00000012 push edi 0x00000013 pop edi 0x00000014 jns 00007FBC40C70F26h 0x0000001a popad 0x0000001b xchg eax, ebx 0x0000001c jg 00007FBC40C70F2Ch 0x00000022 nop 0x00000023 push eax 0x00000024 push edx 0x00000025 jnp 00007FBC40C70F34h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104570B second address: 104570F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104570F second address: 1045727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBC40C70F2Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1046B70 second address: 1046B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBC40C6A896h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1046B90 second address: 1046B9A instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBC40C70F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1046B9A second address: 1046C25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A88Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FBC40C6A888h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 jc 00007FBC40C6A88Ch 0x0000002a add dword ptr [ebp+122D1985h], edi 0x00000030 and esi, 7FC2B26Ch 0x00000036 push 00000000h 0x00000038 jmp 00007FBC40C6A88Fh 0x0000003d push 00000000h 0x0000003f xchg eax, ebx 0x00000040 push ecx 0x00000041 jmp 00007FBC40C6A897h 0x00000046 pop ecx 0x00000047 push eax 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007FBC40C6A895h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1047C92 second address: 1047C99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104845D second address: 1048467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FBC40C6A886h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1048467 second address: 1048479 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBC40C70F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104A62A second address: 104A62F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104A62F second address: 104A645 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBC40C70F28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FBC40C70F26h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104B171 second address: 104B1E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 jmp 00007FBC40C6A897h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007FBC40C6A888h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov edi, dword ptr [ebp+122D1B70h] 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007FBC40C6A888h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b xchg eax, ebx 0x0000004c push eax 0x0000004d push edx 0x0000004e jp 00007FBC40C6A888h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104B1E1 second address: 104B1E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104B1E7 second address: 104B1EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104CF27 second address: 104CF56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007FBC40C70F3Bh 0x0000000e popad 0x0000000f jbe 00007FBC40C70F5Dh 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104F641 second address: 104F647 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1050855 second address: 1050859 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104F647 second address: 104F64B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1050859 second address: 105085F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104F64B second address: 104F64F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104F64F second address: 104F661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jbe 00007FBC40C70F2Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104F732 second address: 104F737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 104F737 second address: 104F73C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10562E1 second address: 10562EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FBC40C6A886h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105647C second address: 1056481 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105A3CD second address: 105A3D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1057559 second address: 105756E instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBC40C70F2Ch 0x00000008 js 00007FBC40C70F26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105A4CD second address: 105A4D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105C3CB second address: 105C3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105A4D2 second address: 105A4ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBC40C6A897h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105C3D0 second address: 105C3D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105A4ED second address: 105A581 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov bx, 4028h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 jo 00007FBC40C6A888h 0x0000001c mov ebx, ecx 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push edx 0x00000028 call 00007FBC40C6A888h 0x0000002d pop edx 0x0000002e mov dword ptr [esp+04h], edx 0x00000032 add dword ptr [esp+04h], 00000017h 0x0000003a inc edx 0x0000003b push edx 0x0000003c ret 0x0000003d pop edx 0x0000003e ret 0x0000003f add dword ptr [ebp+122D2E7Eh], ecx 0x00000045 mov eax, dword ptr [ebp+122D06B1h] 0x0000004b push edi 0x0000004c pop edi 0x0000004d mov dword ptr [ebp+122D197Ah], eax 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push ebp 0x00000058 call 00007FBC40C6A888h 0x0000005d pop ebp 0x0000005e mov dword ptr [esp+04h], ebp 0x00000062 add dword ptr [esp+04h], 0000001Ah 0x0000006a inc ebp 0x0000006b push ebp 0x0000006c ret 0x0000006d pop ebp 0x0000006e ret 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007FBC40C6A895h 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105C3D6 second address: 105C3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105A581 second address: 105A591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBC40C6A88Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105E9E8 second address: 105E9EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105E9EC second address: 105E9FA instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBC40C6A886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 105FAC9 second address: 105FB1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FBC40C70F28h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 push 00000000h 0x0000002b mov di, ax 0x0000002e push 00000000h 0x00000030 mov ebx, dword ptr [ebp+122D2BB6h] 0x00000036 xor ebx, dword ptr [ebp+122D2D1Eh] 0x0000003c push eax 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jg 00007FBC40C70F26h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1063793 second address: 10637A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10637A7 second address: 10637AC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A8FE second address: 100A905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A905 second address: 100A90F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FBC40C70F26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A90F second address: 100A921 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A921 second address: 100A925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A925 second address: 100A92F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBC40C6A886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A92F second address: 100A93F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FBC40C70F26h 0x0000000a jl 00007FBC40C70F26h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A93F second address: 100A949 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FBC40C6A886h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 100A949 second address: 100A954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 106649F second address: 10664E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A88Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FBC40C6A893h 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FBC40C6A88Ch 0x00000016 jmp 00007FBC40C6A891h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10684D0 second address: 10684ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C70F2Dh 0x00000007 jc 00007FBC40C70F26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 106F94F second address: 106F961 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBC40C6A888h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 106F961 second address: 106F96E instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBC40C70F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 106F96E second address: 106F990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FBC40C6A886h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edi 0x00000011 jnp 00007FBC40C6A888h 0x00000017 pushad 0x00000018 popad 0x00000019 pop edi 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 106F990 second address: 106F994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B01B6 second address: 10B01BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B0316 second address: 10B031F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B031F second address: 10B0325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B0325 second address: 10B0329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B0633 second address: 10B0647 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBC40C6A886h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FBC40C6A886h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B8713 second address: 10B8721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B689C second address: 10B68A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B68A1 second address: 10B68A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B68A7 second address: 10B68AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6E02 second address: 10B6E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FBC40C70F45h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B70DE second address: 10B70EB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBC40C6A886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B70EB second address: 10B70F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B70F0 second address: 10B7106 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A88Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B72A0 second address: 10B72E1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBC40C70F26h 0x00000008 jng 00007FBC40C70F26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 jmp 00007FBC40C70F34h 0x00000016 jno 00007FBC40C70F26h 0x0000001c pop edx 0x0000001d popad 0x0000001e jg 00007FBC40C70F5Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 ja 00007FBC40C70F26h 0x0000002c jc 00007FBC40C70F26h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B747B second address: 10B747F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B747F second address: 10B7485 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7485 second address: 10B7494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007FBC40C6A886h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7494 second address: 10B74A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 js 00007FBC40C70F32h 0x0000000c jng 00007FBC40C70F2Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7601 second address: 10B7605 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7759 second address: 10B775D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B775D second address: 10B7771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FBC40C6A886h 0x0000000e ja 00007FBC40C6A886h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6414 second address: 10B6418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BFC82 second address: 10BFCB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A88Ah 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FBC40C6A88Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007FBC40C6A886h 0x00000018 jmp 00007FBC40C6A88Dh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BF823 second address: 10BF83F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C70F38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CB12A second address: 10CB131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CB131 second address: 10CB15C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C70F37h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FBC40C70F30h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF7E0F second address: FF7E15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FF7E15 second address: FF7E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D6037 second address: 10D606A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007FBC40C6A886h 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 jo 00007FBC40C6A89Ch 0x00000019 jmp 00007FBC40C6A890h 0x0000001e jbe 00007FBC40C6A886h 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D606A second address: 10D6070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D6070 second address: 10D6074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DDD1B second address: 10DDD26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DDBAF second address: 10DDBB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DDBB3 second address: 10DDBBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DFF8D second address: 10DFF91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E78AC second address: 10E78BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C70F2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E67F3 second address: 10E67F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E75E7 second address: 10E760A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBC40C70F39h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EC158 second address: 10EC15E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EC15E second address: 10EC16F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBC40C70F26h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EC16F second address: 10EC17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBC40C6A88Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFCFD0 second address: FFCFD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: FFCFD5 second address: FFD00A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBC40C6A899h 0x00000009 jmp 00007FBC40C6A898h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EBD56 second address: 10EBD84 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBC40C70F2Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007FBC40C70F52h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FBC40C70F38h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EBD84 second address: 10EBD88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EBD88 second address: 10EBD91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FC1C9 second address: 10FC1E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A88Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a jbe 00007FBC40C6A890h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FA5AE second address: 10FA5BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 pop eax 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FA5BB second address: 10FA5C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1109D95 second address: 1109DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FBC40C70F32h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110D2E3 second address: 110D2EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110D2EA second address: 110D30B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007FBC40C70F33h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110D30B second address: 110D30F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1124226 second address: 1124245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FBC40C70F26h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FBC40C70F2Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123556 second address: 11235A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A899h 0x00000007 jmp 00007FBC40C6A896h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FBC40C6A89Bh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11235A6 second address: 11235AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123B8F second address: 1123BAD instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBC40C6A886h 0x00000008 jbe 00007FBC40C6A886h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007FBC40C6A886h 0x00000018 jo 00007FBC40C6A886h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123D09 second address: 1123D14 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123D14 second address: 1123D52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBC40C6A894h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FBC40C6A88Fh 0x00000015 pushad 0x00000016 jmp 00007FBC40C6A88Ah 0x0000001b pushad 0x0000001c popad 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123ED1 second address: 1123F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edi 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a jng 00007FBC40C70F26h 0x00000010 pop edi 0x00000011 jmp 00007FBC40C70F36h 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FBC40C70F30h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123F0C second address: 1123F1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBC40C6A88Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123F1F second address: 1123F3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FBC40C70F33h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123F3B second address: 1123F41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1123F41 second address: 1123F60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FBC40C70F33h 0x0000000d popad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112599D second address: 1125A10 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FBC40C6A898h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FBC40C6A8A1h 0x00000011 push edi 0x00000012 pop edi 0x00000013 jmp 00007FBC40C6A899h 0x00000018 pushad 0x00000019 jmp 00007FBC40C6A892h 0x0000001e pushad 0x0000001f popad 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 popad 0x00000023 popad 0x00000024 push ecx 0x00000025 ja 00007FBC40C6A896h 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1125A10 second address: 1125A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1128577 second address: 112857C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112863B second address: 112863F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112863F second address: 11286FC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007FBC40C6A888h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 je 00007FBC40C6A888h 0x00000029 mov edx, ecx 0x0000002b push 00000004h 0x0000002d add dh, FFFFFFC1h 0x00000030 call 00007FBC40C6A889h 0x00000035 jmp 00007FBC40C6A894h 0x0000003a push eax 0x0000003b jmp 00007FBC40C6A88Ch 0x00000040 mov eax, dword ptr [esp+04h] 0x00000044 pushad 0x00000045 jmp 00007FBC40C6A88Eh 0x0000004a jmp 00007FBC40C6A890h 0x0000004f popad 0x00000050 mov eax, dword ptr [eax] 0x00000052 jmp 00007FBC40C6A892h 0x00000057 mov dword ptr [esp+04h], eax 0x0000005b pushad 0x0000005c jmp 00007FBC40C6A896h 0x00000061 jc 00007FBC40C6A88Ch 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112B837 second address: 112B88A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBC40C70F26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007FBC40C70F2Eh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jp 00007FBC40C70F3Ch 0x00000019 jl 00007FBC40C70F3Ch 0x0000001f jmp 00007FBC40C70F36h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112B88A second address: 112B890 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112B890 second address: 112B894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112B3D5 second address: 112B3DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112B3DB second address: 112B3E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E8CAE6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10637FB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 1043453 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10C57F9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe TID: 2868 Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5884 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000005.00000002.1345498185.0000000001019000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000005.00000002.1346187098.00000000016FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn<
Source: file.exe, 00000005.00000002.1346187098.00000000016FA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000005.00000002.1345498185.0000000001019000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000005.00000002.1346187098.00000000016B7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 5_2_00E6DF70 LdrInitializeThunk, 5_2_00E6DF70
Source: file.exe, file.exe, 00000005.00000002.1345498185.0000000001019000.00000040.00000001.01000000.00000004.sdmp Binary or memory string: sProgram Manager
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid