Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562760
MD5: 1d51ecc205590f39930d9c4685aed827
SHA1: eeb3ef56179a8534e6a8f3279491a59d6afc5ffe
SHA256: 8b3ca7da6a1d9976e10e0b1913b91ef8916d2852f04fb39f8a9875f6bfe50bbb
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

barindex
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC9C70 CryptVerifySignatureA, 0_2_00CC9C70
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1952667009.0000000000AF2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1819519753.0000000004E70000.00000004.00001000.00020000.00000000.sdmp

System Summary

barindex
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6D004 0_2_00C6D004
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7A027 0_2_00C7A027
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C705DB 0_2_00C705DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C705F7 0_2_00C705F7
Source: file.exe, 00000000.00000002.1952681649.0000000000AF6000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log Jump to behavior
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: file.exe Static file information: File size 2754048 > 1048576
Source: file.exe Static PE information: Raw size of gowrbknw is bigger than: 0x100000 < 0x29a600
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1952667009.0000000000AF2000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1819519753.0000000004E70000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

barindex
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.af0000.0.unpack :EW;.rsrc:W;.idata :W;gowrbknw:EW;knmkcqxr:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x2b04cf should be: 0x2a0a3e
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name: gowrbknw
Source: file.exe Static PE information: section name: knmkcqxr
Source: file.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFEAEB push ecx; mov dword ptr [esp], esi 0_2_00AFF636
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFED14 push 7685E086h; mov dword ptr [esp], edi 0_2_00AFED26
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFD0A1 push 14D8FC3Dh; mov dword ptr [esp], edi 0_2_00AFD0A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7D0D3 push ecx; mov dword ptr [esp], ebp 0_2_00C7D0E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7B0DF push esi; mov dword ptr [esp], esp 0_2_00C7B0F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D530CB push eax; mov dword ptr [esp], 7FDF9D58h 0_2_00D53118
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D530CB push ecx; mov dword ptr [esp], ebx 0_2_00D5316C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6F0E7 push es; retf 0_2_00C6F0F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B03092 push ecx; mov dword ptr [esp], 7EF996F6h 0_2_00B02970
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C71087 push 05C11271h; mov dword ptr [esp], ebx 0_2_00C710A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C71087 push edx; mov dword ptr [esp], edi 0_2_00C710B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C71087 push 590FB073h; mov dword ptr [esp], eax 0_2_00C7117E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C71087 push edi; mov dword ptr [esp], ebp 0_2_00C711D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7108F push 05C11271h; mov dword ptr [esp], ebx 0_2_00C710A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7108F push edx; mov dword ptr [esp], edi 0_2_00C710B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7108F push 590FB073h; mov dword ptr [esp], eax 0_2_00C7117E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7108F push edi; mov dword ptr [esp], ebp 0_2_00C711D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7909B push edx; mov dword ptr [esp], 3BCF0628h 0_2_00C7909C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7E0A6 push 2F0B715Eh; mov dword ptr [esp], ebp 0_2_00C8166E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7E0A6 push esi; mov dword ptr [esp], ebx 0_2_00C8167D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFF0CB push edx; mov dword ptr [esp], ecx 0_2_00AFF35D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0B4 push ecx; mov dword ptr [esp], ebx 0_2_00C6E21F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0BF push ecx; mov dword ptr [esp], ebx 0_2_00C6E21F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7E0BB push ecx; mov dword ptr [esp], ebx 0_2_00C7E0C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E047 push 465F66D1h; mov dword ptr [esp], ecx 0_2_00C6E056
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E047 push 58F69E50h; mov dword ptr [esp], ecx 0_2_00C6E2A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFD02B push eax; mov dword ptr [esp], edx 0_2_00AFD04F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8004D push 168959A1h; mov dword ptr [esp], esi 0_2_00C80063
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7D04F push esi; mov dword ptr [esp], 4A3F2C3Fh 0_2_00C7DDB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7E056 push edi; mov dword ptr [esp], 7BF988A2h 0_2_00C7EE0A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7E056 push ecx; mov dword ptr [esp], eax 0_2_00C7F1C8
Source: file.exe Static PE information: section name: entropy: 7.821919776172025

Boot Survival

barindex
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

barindex
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AFE352 second address: AFE363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5AEDA second address: C5AEDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5AEDE second address: C5AEE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5AEE4 second address: C5AEF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C708BB second address: C708BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C708BF second address: C708D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F7F34B2F1EEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C746DA second address: C746E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C74742 second address: C74779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F7F34B2F1F7h 0x0000000a popad 0x0000000b nop 0x0000000c mov cx, 0845h 0x00000010 push 00000000h 0x00000012 mov dword ptr [ebp+122D35EAh], eax 0x00000018 call 00007F7F34B2F1E9h 0x0000001d push eax 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C74779 second address: C7479E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F34CEB139h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7479E second address: C747C5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7F34B2F1E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 jmp 00007F7F34B2F1EFh 0x00000015 jo 00007F7F34B2F1ECh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C74A2D second address: C74A42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7F34CEB12Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C74A42 second address: C74A6A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+122D3217h], ecx 0x0000000f push 00000000h 0x00000011 movzx ecx, cx 0x00000014 push C7C07B5Ch 0x00000019 push ebx 0x0000001a pushad 0x0000001b jmp 00007F7F34B2F1EBh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C74A6A second address: C74AC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 add dword ptr [esp], 383F8524h 0x0000000d mov dword ptr [ebp+122D1DA5h], edx 0x00000013 push 00000003h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F7F34CEB128h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f mov esi, eax 0x00000031 push 00000000h 0x00000033 mov edx, 02FE2362h 0x00000038 push 00000003h 0x0000003a clc 0x0000003b push 6B4487C2h 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F7F34CEB12Eh 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C74AC1 second address: C74B28 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 54BB783Eh 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F7F34B2F1E8h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 jp 00007F7F34B2F1F7h 0x0000002f jmp 00007F7F34B2F1F1h 0x00000034 sub dword ptr [ebp+122D2ABAh], edi 0x0000003a lea ebx, dword ptr [ebp+1244A64Dh] 0x00000040 jmp 00007F7F34B2F1F3h 0x00000045 push eax 0x00000046 push edi 0x00000047 push ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C686FF second address: C6871B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F34CEB136h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6871B second address: C6872E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jo 00007F7F34B2F1E6h 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6872E second address: C68747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7F34CEB126h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F7F34CEB126h 0x00000013 jbe 00007F7F34CEB126h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C68747 second address: C6874B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6874B second address: C68757 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7F34CEB126h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9283C second address: C92840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C92840 second address: C92846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C92AD2 second address: C92AD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C92AD8 second address: C92AF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F7F34CEB135h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C92AF3 second address: C92B1B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7F34B2F1E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7F34B2F1F8h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C930CA second address: C930CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C93501 second address: C93505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C93640 second address: C93644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C93644 second address: C93648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C937B2 second address: C937B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C937B8 second address: C937C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C94106 second address: C9410C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9410C second address: C94110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C94110 second address: C9411B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9411B second address: C94150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jmp 00007F7F34B2F1F4h 0x00000010 jmp 00007F7F34B2F1F3h 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C942AA second address: C942B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C942B0 second address: C942B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C942B4 second address: C942D3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7F34CEB136h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C942D3 second address: C9430C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jbe 00007F7F34B2F1ECh 0x0000000d popad 0x0000000e pushad 0x0000000f jng 00007F7F34B2F1ECh 0x00000015 jmp 00007F7F34B2F1EEh 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d pop edx 0x0000001e jp 00007F7F34B2F1E6h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C946E2 second address: C946E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C946E6 second address: C946EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C946EC second address: C9470D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB137h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9470D second address: C94711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C94711 second address: C94742 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB138h 0x00000007 jmp 00007F7F34CEB135h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C94742 second address: C94758 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7F34B2F1EAh 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F7F34B2F1E6h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C98810 second address: C98814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9C09B second address: C9C0AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9FE09 second address: C9FE48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB137h 0x00000007 jnp 00007F7F34CEB126h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F7F34CEB134h 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 jbe 00007F7F34CEB126h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA066A second address: CA068F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007F7F34B2F1E6h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F34B2F1F3h 0x00000011 jp 00007F7F34B2F1E6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA07B2 second address: CA07C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34CEB131h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA19AC second address: CA19B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F7F34B2F1E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA1F6E second address: CA1F79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7F34CEB126h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA25BC second address: CA25C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA28AC second address: CA28B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA28B0 second address: CA28B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA28B4 second address: CA28BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2A90 second address: CA2A94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2A94 second address: CA2A9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2A9A second address: CA2AA4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7F34B2F1ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2AA4 second address: CA2AB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F7F34CEB128h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2AB5 second address: CA2ACE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F34B2F1F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2FC7 second address: CA2FCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2FCC second address: CA2FD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA3A14 second address: CA3A18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA4B04 second address: CA4B6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007F7F34B2F1E6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f sub dword ptr [ebp+122D2C66h], esi 0x00000015 push 00000000h 0x00000017 mov si, ax 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F7F34B2F1E8h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 call 00007F7F34B2F1F8h 0x0000003b mov edi, dword ptr [ebp+122D386Ch] 0x00000041 pop esi 0x00000042 xchg eax, ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 jc 00007F7F34B2F1ECh 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA4B6A second address: CA4B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA5371 second address: CA538A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1F4h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA538A second address: CA538F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA6225 second address: CA622A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA622A second address: CA623F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F7F34CEB126h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA623F second address: CA62D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7F34B2F1F9h 0x00000008 je 00007F7F34B2F1E6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F7F34B2F1E8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c sub dword ptr [ebp+122D32B6h], ecx 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ebp 0x00000037 call 00007F7F34B2F1E8h 0x0000003c pop ebp 0x0000003d mov dword ptr [esp+04h], ebp 0x00000041 add dword ptr [esp+04h], 00000016h 0x00000049 inc ebp 0x0000004a push ebp 0x0000004b ret 0x0000004c pop ebp 0x0000004d ret 0x0000004e or di, 0E91h 0x00000053 push 00000000h 0x00000055 jng 00007F7F34B2F1ECh 0x0000005b xchg eax, ebx 0x0000005c jng 00007F7F34B2F1F0h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jnl 00007F7F34B2F1E8h 0x0000006b pushad 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C55F11 second address: C55F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F7F34CEB126h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C55F1B second address: C55F62 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007F7F34B2F1FCh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 jbe 00007F7F34B2F1ECh 0x00000017 jl 00007F7F34B2F1E6h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F7F34B2F1F2h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA84C3 second address: CA84D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34CEB12Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA906F second address: CA90CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 or si, 98C1h 0x0000000c mov di, 431Dh 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F7F34B2F1E8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007F7F34B2F1E8h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 mov dword ptr [ebp+1246E03Fh], edi 0x0000004e xchg eax, ebx 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 pushad 0x00000053 popad 0x00000054 push edx 0x00000055 pop edx 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA90CF second address: CA90F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB135h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jbe 00007F7F34CEB126h 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA90F3 second address: CA90F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA9B87 second address: CA9B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA98AD second address: CA98B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA98B2 second address: CA98C3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007F7F34CEB126h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAB7DA second address: CAB7E4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7F34B2F1E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAE2DB second address: CAE2DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAE2DF second address: CAE2E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAE2E3 second address: CAE2E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB22DD second address: CB22EA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB1463 second address: CB1469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB22EA second address: CB234A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F7F34B2F1F0h 0x0000000a popad 0x0000000b nop 0x0000000c mov dword ptr [ebp+12450FA8h], esi 0x00000012 push 00000000h 0x00000014 mov dword ptr [ebp+124483D5h], ebx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f call 00007F7F34B2F1E8h 0x00000024 pop esi 0x00000025 mov dword ptr [esp+04h], esi 0x00000029 add dword ptr [esp+04h], 00000016h 0x00000031 inc esi 0x00000032 push esi 0x00000033 ret 0x00000034 pop esi 0x00000035 ret 0x00000036 mov edi, 48A3B980h 0x0000003b pushad 0x0000003c mov bx, dx 0x0000003f jg 00007F7F34B2F1ECh 0x00000045 popad 0x00000046 xchg eax, esi 0x00000047 push ecx 0x00000048 push esi 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB152F second address: CB1549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnp 00007F7F34CEB126h 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edi 0x00000012 jo 00007F7F34CEB12Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB33C8 second address: CB33D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7F34B2F1ECh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB247B second address: CB248E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB12Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB33D4 second address: CB346A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 jmp 00007F7F34B2F1F5h 0x0000000d pop eax 0x0000000e jmp 00007F7F34B2F1EAh 0x00000013 popad 0x00000014 nop 0x00000015 mov edi, 03E7EB72h 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007F7F34B2F1E8h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 0000001Ah 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 or dword ptr [ebp+122D3217h], edi 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push edi 0x00000041 call 00007F7F34B2F1E8h 0x00000046 pop edi 0x00000047 mov dword ptr [esp+04h], edi 0x0000004b add dword ptr [esp+04h], 00000016h 0x00000053 inc edi 0x00000054 push edi 0x00000055 ret 0x00000056 pop edi 0x00000057 ret 0x00000058 xor ebx, 15FFCE0Ah 0x0000005e xor dword ptr [ebp+122D1E4Dh], edi 0x00000064 mov dword ptr [ebp+122D2ABAh], esi 0x0000006a xchg eax, esi 0x0000006b jl 00007F7F34B2F1F4h 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB248E second address: CB254A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 nop 0x00000007 push edi 0x00000008 mov edi, eax 0x0000000a pop edi 0x0000000b jmp 00007F7F34CEB134h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F7F34CEB128h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 0000001Dh 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007F7F34CEB128h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000015h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 add dword ptr [ebp+122D334Ch], edx 0x00000058 mov eax, dword ptr [ebp+122D0AE1h] 0x0000005e pushad 0x0000005f jmp 00007F7F34CEB130h 0x00000064 sub eax, 5FD92E01h 0x0000006a popad 0x0000006b push FFFFFFFFh 0x0000006d jbe 00007F7F34CEB12Ch 0x00000073 push eax 0x00000074 jnc 00007F7F34CEB144h 0x0000007a push eax 0x0000007b push edx 0x0000007c jmp 00007F7F34CEB132h 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB346A second address: CB346E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB346E second address: CB348C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7F34CEB135h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB363F second address: CB3643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB52B0 second address: CB52B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB52B6 second address: CB52BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB52BC second address: CB52C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB54B0 second address: CB5562 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], eax 0x0000000d add dword ptr [ebp+122D1EB8h], esi 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007F7F34B2F1E8h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 jmp 00007F7F34B2F1F3h 0x00000039 push ecx 0x0000003a and bx, A9BEh 0x0000003f pop edi 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 xor dword ptr [ebp+122D35EAh], eax 0x0000004d sub edi, dword ptr [ebp+122D39F8h] 0x00000053 mov eax, dword ptr [ebp+122D1431h] 0x00000059 sub dword ptr [ebp+122D1D5Ah], ecx 0x0000005f push FFFFFFFFh 0x00000061 jnp 00007F7F34B2F1FDh 0x00000067 push esi 0x00000068 jmp 00007F7F34B2F1F5h 0x0000006d pop edi 0x0000006e js 00007F7F34B2F1ECh 0x00000074 xor dword ptr [ebp+122D30E8h], esi 0x0000007a nop 0x0000007b push ecx 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB830B second address: CB8312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB8312 second address: CB8384 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F7F34B2F1E8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 or ebx, dword ptr [ebp+122D26CEh] 0x0000002c push 00000000h 0x0000002e mov bl, al 0x00000030 call 00007F7F34B2F1F0h 0x00000035 js 00007F7F34B2F1ECh 0x0000003b sub dword ptr [ebp+122D32C0h], ecx 0x00000041 pop edi 0x00000042 push 00000000h 0x00000044 jnl 00007F7F34B2F1E9h 0x0000004a push eax 0x0000004b push esi 0x0000004c push eax 0x0000004d push edx 0x0000004e jng 00007F7F34B2F1E6h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB8384 second address: CB8388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB64C3 second address: CB6545 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F7F34B2F1E8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+122D392Ch] 0x0000002b push dword ptr fs:[00000000h] 0x00000032 sub ebx, dword ptr [ebp+122D38ECh] 0x00000038 adc di, 52CFh 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov di, dx 0x00000047 mov eax, dword ptr [ebp+122D03F5h] 0x0000004d adc bx, EA08h 0x00000052 mov ebx, dword ptr [ebp+122D2ACEh] 0x00000058 push FFFFFFFFh 0x0000005a jmp 00007F7F34B2F1EBh 0x0000005f nop 0x00000060 push ecx 0x00000061 jmp 00007F7F34B2F1F1h 0x00000066 pop ecx 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a pushad 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB6545 second address: CB654C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB654C second address: CB6551 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBA253 second address: CBA268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F34CEB131h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBA268 second address: CBA27B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7F34B2F1E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB9502 second address: CB9595 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D1D7Ah], edi 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F7F34CEB128h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e mov dword ptr fs:[00000000h], esp 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007F7F34CEB128h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 0000001Bh 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f sub dword ptr [ebp+122D334Ch], edx 0x00000055 mov eax, dword ptr [ebp+122D15F1h] 0x0000005b push FFFFFFFFh 0x0000005d mov di, cx 0x00000060 nop 0x00000061 push eax 0x00000062 jmp 00007F7F34CEB12Fh 0x00000067 pop eax 0x00000068 push eax 0x00000069 pushad 0x0000006a pushad 0x0000006b jmp 00007F7F34CEB12Ah 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB9595 second address: CB95A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F7F34B2F1E6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBA3D8 second address: CBA472 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB134h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dword ptr [ebp+122D1E33h], esi 0x00000012 push dword ptr fs:[00000000h] 0x00000019 and di, 44AFh 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 js 00007F7F34CEB139h 0x0000002b jns 00007F7F34CEB133h 0x00000031 mov eax, dword ptr [ebp+122D1745h] 0x00000037 push 00000000h 0x00000039 push ebp 0x0000003a call 00007F7F34CEB128h 0x0000003f pop ebp 0x00000040 mov dword ptr [esp+04h], ebp 0x00000044 add dword ptr [esp+04h], 0000001Ch 0x0000004c inc ebp 0x0000004d push ebp 0x0000004e ret 0x0000004f pop ebp 0x00000050 ret 0x00000051 push FFFFFFFFh 0x00000053 or dword ptr [ebp+122D1F36h], eax 0x00000059 push eax 0x0000005a pushad 0x0000005b pushad 0x0000005c pushad 0x0000005d popad 0x0000005e jc 00007F7F34CEB126h 0x00000064 popad 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F7F34CEB12Dh 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBB46A second address: CBB470 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBB470 second address: CBB474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBB474 second address: CBB478 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBB478 second address: CBB4FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F7F34CEB128h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push dword ptr fs:[00000000h] 0x0000002c mov dword ptr [ebp+122D3116h], ebx 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 mov ebx, edi 0x0000003b mov bx, D426h 0x0000003f mov eax, dword ptr [ebp+122D03EDh] 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007F7F34CEB128h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 00000019h 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f xor dword ptr [ebp+122D251Eh], esi 0x00000065 push FFFFFFFFh 0x00000067 nop 0x00000068 jl 00007F7F34CEB138h 0x0000006e push eax 0x0000006f push edx 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBB4FC second address: CBB500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBB500 second address: CBB50F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7F34CEB126h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBB50F second address: CBB52F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007F7F34B2F1F8h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBD37A second address: CBD3E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 jmp 00007F7F34CEB133h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F7F34CEB128h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b xchg eax, esi 0x0000002c pushad 0x0000002d push ecx 0x0000002e jmp 00007F7F34CEB136h 0x00000033 pop ecx 0x00000034 pushad 0x00000035 push edx 0x00000036 pop edx 0x00000037 push eax 0x00000038 pop eax 0x00000039 popad 0x0000003a popad 0x0000003b push eax 0x0000003c pushad 0x0000003d jl 00007F7F34CEB128h 0x00000043 push eax 0x00000044 pop eax 0x00000045 pushad 0x00000046 push edi 0x00000047 pop edi 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC48D second address: CBC491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC491 second address: CBC497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC497 second address: CBC49C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBD537 second address: CBD53D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC2222 second address: CC223A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5E39A second address: C5E3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jo 00007F7F34CEB132h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5E3A7 second address: C5E3AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CCE808 second address: CCE80E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CCE80E second address: CCE812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CCE952 second address: CCE95C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CCEACA second address: CCEACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C61A80 second address: C61A9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jno 00007F7F34CEB12Ch 0x0000000b pushad 0x0000000c ja 00007F7F34CEB126h 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD8409 second address: CD840D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDE2CE second address: CDE2EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F7F34CEB12Ch 0x00000012 jbe 00007F7F34CEB128h 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDDAD8 second address: CDDAE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7F34B2F1E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE247F second address: CE2483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE2483 second address: CE249F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F34B2F1F6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE249F second address: CE24AF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop ebx 0x00000008 jo 00007F7F34CEB12Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAC1D9 second address: CAC1DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CACABE second address: CACAC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CACCAC second address: CACCB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CACCB2 second address: CACCB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CACCB7 second address: CACCBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CACCBD second address: CACD03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov di, E741h 0x0000000e push 00000004h 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F7F34CEB128h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a nop 0x0000002b pushad 0x0000002c jbe 00007F7F34CEB12Ch 0x00000032 jc 00007F7F34CEB126h 0x00000038 push eax 0x00000039 push edx 0x0000003a push ebx 0x0000003b pop ebx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD0A6 second address: CAD0B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F7F34B2F1E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD271 second address: CAD277 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD277 second address: CAD291 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD291 second address: CAD297 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD43E second address: CAD442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD442 second address: CAD468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F34CEB131h 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 jc 00007F7F34CEB126h 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD513 second address: CAD519 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD519 second address: CAD53F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub edx, dword ptr [ebp+1248187Bh] 0x00000011 lea eax, dword ptr [ebp+12481FFCh] 0x00000017 mov cx, 0D24h 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f jo 00007F7F34CEB126h 0x00000025 pop edi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD53F second address: CAD546 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAD546 second address: CAD5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F7F34CEB136h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F7F34CEB128h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 jno 00007F7F34CEB128h 0x0000002e lea eax, dword ptr [ebp+12481FB8h] 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F7F34CEB128h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e xor cx, E62Ah 0x00000053 nop 0x00000054 push esi 0x00000055 pushad 0x00000056 js 00007F7F34CEB126h 0x0000005c push edx 0x0000005d pop edx 0x0000005e popad 0x0000005f pop esi 0x00000060 push eax 0x00000061 jp 00007F7F34CEB132h 0x00000067 jbe 00007F7F34CEB12Ch 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C66C45 second address: C66C4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE28DE second address: CE28E4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE28E4 second address: CE28F0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7F34B2F1EEh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE2A1E second address: CE2A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE2E30 second address: CE2E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE2FAD second address: CE2FB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE2FB3 second address: CE2FB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8869D second address: C886A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE7B6C second address: CE7B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1EAh 0x00000009 pop edi 0x0000000a jmp 00007F7F34B2F1F2h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE7B91 second address: CE7B95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE7E1C second address: CE7E3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jng 00007F7F34B2F1E6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE7E3E second address: CE7E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE7E42 second address: CE7E48 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE8127 second address: CE812B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE812B second address: CE8130 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE8130 second address: CE8138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE8EC2 second address: CE8EC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF4C5D second address: CF4CB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F34CEB12Bh 0x0000000b popad 0x0000000c je 00007F7F34CEB16Dh 0x00000012 pushad 0x00000013 jmp 00007F7F34CEB136h 0x00000018 jmp 00007F7F34CEB133h 0x0000001d jmp 00007F7F34CEB136h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF4041 second address: CF4057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F7F34B2F1F1h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF4642 second address: CF465E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34CEB138h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF465E second address: CF4668 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7F34B2F1E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF4668 second address: CF466E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF492E second address: CF4934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF4934 second address: CF493E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF493E second address: CF4943 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7863 second address: CF7867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7867 second address: CF7872 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CFA73B second address: CFA744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CFA8FD second address: CFA903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CFAC36 second address: CFAC3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CFAC3A second address: CFAC68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1ECh 0x00000007 js 00007F7F34B2F1E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F7F34B2F1F1h 0x00000014 popad 0x00000015 push eax 0x00000016 push esi 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0131A second address: D01324 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F7F34CEB126h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D01324 second address: D01328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D00734 second address: D0074F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7F34CEB126h 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F7F34CEB126h 0x00000015 jbe 00007F7F34CEB126h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0074F second address: D0076F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EEh 0x00000007 jnc 00007F7F34B2F1E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007F7F34B2F1F2h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0076F second address: D007A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7F34CEB126h 0x0000000a pushad 0x0000000b jnp 00007F7F34CEB126h 0x00000011 jmp 00007F7F34CEB12Bh 0x00000016 jg 00007F7F34CEB126h 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F7F34CEB12Bh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D008F7 second address: D008FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D008FB second address: D0090A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7F34CEB126h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D00C0A second address: D00C1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EAh 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D042D6 second address: D042E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F7F34CEB126h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D042E0 second address: D042F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7F34B2F1EEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D03A46 second address: D03A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D03A4A second address: D03A4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D03A4E second address: D03A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F7F34CEB136h 0x0000000c push ecx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D03FFE second address: D04002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D04002 second address: D04008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D08A3C second address: D08A46 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7F34B2F1E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D08A46 second address: D08A5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D08BC0 second address: D08BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1F0h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F7F34B2F1F9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CACECF second address: CACF34 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F7F34CEB128h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+12481FF7h] 0x0000002b mov dword ptr [ebp+122D32B6h], ecx 0x00000031 mov cx, di 0x00000034 add eax, ebx 0x00000036 nop 0x00000037 push edi 0x00000038 jmp 00007F7F34CEB136h 0x0000003d pop edi 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 jnl 00007F7F34CEB128h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CACF34 second address: CACF78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dx, ax 0x0000000d push 00000004h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F7F34B2F1E8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push eax 0x0000002a jbe 00007F7F34B2F1F4h 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 pop eax 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D092F8 second address: D0931B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB139h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0931B second address: D0932B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7F34B2F1E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D09E40 second address: D09E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D09E46 second address: D09E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D09E4C second address: D09E5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB12Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D09E5F second address: D09E8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7F34B2F1F8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 jo 00007F7F34B2F1E6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D09E8B second address: D09E9D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 ja 00007F7F34CEB126h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D09E9D second address: D09EB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1EBh 0x00000007 pushad 0x00000008 je 00007F7F34B2F1E6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1142D second address: D11466 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7F34CEB128h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F34CEB137h 0x00000011 jmp 00007F7F34CEB136h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D11466 second address: D1146A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D11592 second address: D115B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jmp 00007F7F34CEB139h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D118C5 second address: D118C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D118C9 second address: D118E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB12Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F7F34CEB126h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D118E5 second address: D118EB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D118EB second address: D118F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F7F34CEB126h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D12CC3 second address: D12CDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F34B2F1F0h 0x00000009 jp 00007F7F34B2F1E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1BC56 second address: D1BC5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1BC5C second address: D1BC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1BC60 second address: D1BC64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1BC64 second address: D1BC70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1BC70 second address: D1BC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34CEB12Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1BC81 second address: D1BC92 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7F34B2F1E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1ADBD second address: D1ADC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B07A second address: D1B099 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34B2F1F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F7F34B2F1E6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B099 second address: D1B09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B33B second address: D1B36C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F7F34B2F1E8h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F7F34B2F1F3h 0x00000013 popad 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 js 00007F7F34B2F1E6h 0x0000001d jno 00007F7F34B2F1E6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B36C second address: D1B377 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B4E9 second address: D1B4EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B4EF second address: D1B505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F7F34CEB12Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B505 second address: D1B52E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1F0h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F34B2F1F0h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B52E second address: D1B534 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B686 second address: D1B68C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D247CB second address: D247FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB131h 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F7F34CEB126h 0x0000000f jmp 00007F7F34CEB135h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D247FB second address: D247FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22B21 second address: D22B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F7F34CEB12Eh 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F7F34CEB139h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22B5E second address: D22B62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22B62 second address: D22B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22B68 second address: D22B6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22E40 second address: D22E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22E47 second address: D22E54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jc 00007F7F34B2F1ECh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22F7A second address: D22F7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D22F7E second address: D22F97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1F3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2325C second address: D23262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D23262 second address: D23266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D23266 second address: D23282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB12Ch 0x00000007 jnl 00007F7F34CEB126h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D233CE second address: D23407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1F4h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F7F34B2F1F7h 0x00000010 jns 00007F7F34B2F1E6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D23407 second address: D23412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7F34CEB126h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D23E26 second address: D23E32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2B26D second address: D2B271 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2AF64 second address: D2AF79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007F7F34B2F1E8h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D36EFF second address: D36F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7F34CEB126h 0x0000000a popad 0x0000000b jns 00007F7F34CEB13Dh 0x00000011 push edx 0x00000012 jmp 00007F7F34CEB136h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D36932 second address: D36936 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3CB87 second address: D3CB96 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7F34CEB126h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D418C8 second address: D418CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D40400 second address: D40404 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D40404 second address: D4040A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4040A second address: D40410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4053A second address: D40564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1EDh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c jmp 00007F7F34B2F1EDh 0x00000011 push eax 0x00000012 jnp 00007F7F34B2F1E6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4BAE7 second address: D4BAEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4BAEB second address: D4BAF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4BAF7 second address: D4BAFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4D0FF second address: D4D109 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7F34B2F1E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4D109 second address: D4D11A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F7F34CEB128h 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4D11A second address: D4D129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 js 00007F7F34B2F1F0h 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D54491 second address: D5449D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F7F34CEB126h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D54139 second address: D5413E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5918C second address: D59190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5B24A second address: D5B24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5AD9C second address: D5ADAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34CEB12Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5AF0D second address: D5AF11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5AF11 second address: D5AF6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F7F34CEB139h 0x0000000a je 00007F7F34CEB126h 0x00000010 popad 0x00000011 push ecx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 pop ecx 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push edi 0x0000001a ja 00007F7F34CEB13Ah 0x00000020 jmp 00007F7F34CEB12Eh 0x00000025 jl 00007F7F34CEB126h 0x0000002b pushad 0x0000002c push edi 0x0000002d pop edi 0x0000002e jmp 00007F7F34CEB130h 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D3D0 second address: D5D3E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F7F34B2F1ECh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D3E5 second address: D5D41A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F34CEB137h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7F34CEB130h 0x00000010 jl 00007F7F34CEB128h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D41A second address: D5D435 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F34B2F1F7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6506C second address: C65074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C65074 second address: C65078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C65078 second address: C6507C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6507C second address: C65082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C65082 second address: C6508D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D688D3 second address: D688D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D688D9 second address: D688DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D688DF second address: D688E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7698E second address: D76994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D76994 second address: D769A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F34B2F1EAh 0x00000009 popad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D76B12 second address: D76B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D76B16 second address: D76B1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D76B1A second address: D76B32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7F34CEB126h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jp 00007F7F34CEB12Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D76B32 second address: D76B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F34B2F1F0h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7D6BC second address: D7D6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7D6C0 second address: D7D6C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7D847 second address: D7D84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7DB30 second address: D7DB34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8106E second address: D81097 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7F34CEB12Dh 0x00000008 jmp 00007F7F34CEB135h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87A45 second address: D87A4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87A4C second address: D87A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007F7F34CEB12Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D898A4 second address: D898A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D89400 second address: D8940D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jng 00007F7F34CEB12Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8B43E second address: D8B443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8B443 second address: D8B449 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D80C6E second address: D80C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D80EE0 second address: D80F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F7F34CEB126h 0x0000000d jmp 00007F7F34CEB133h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8205C second address: D82071 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7F34B2F1E6h 0x00000008 jg 00007F7F34B2F1E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: AFDBB6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: C9AC30 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: CAC387 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: AFDCA1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D2C776 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5060000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5350000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5060000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7A027 rdtsc 0_2_00C7A027
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7164 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.1952902356.0000000000C79000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1952902356.0000000000C79000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging

barindex
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7A027 rdtsc 0_2_00C7A027
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFB998 LdrInitializeThunk, 0_2_00AFB998
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard Jump to behavior
Source: file.exe, 00000000.00000002.1953231385.0000000000CCC000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations Jump to behavior
No contacted IP infos