Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562763
MD5: 9b74557efef93db56818bb3355dc0954
SHA1: c7abf497b84ba4c3f3bebcdc92556a2a35fc67d8
SHA256: 6d0eea80b03ff05f40ac2c0bdefde7c8eb4ad3a7cebe0ef9917cab6c20a8be40
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: https://occupy-blushi.sbs/=H3 Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/apil8 Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/apiS Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/api4 Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs:443/api Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs:443/apiNs Avira URL Cloud: Label: malware
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 42%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49703 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ecx, edx 0_2_00BE8690
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [ebp+edx-05DD6E63h] 0_2_00BBAA50
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], bl 0_2_00BBDBE5
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], dl 0_2_00BBDBE5
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then lea ecx, dword ptr [eax+eax] 0_2_00BEDC1F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+ebx+0576C973h] 0_2_00BE90C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, ebx 0_2_00BEC0C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [eax+edi] 0_2_00BEC0C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [eax+edi] 0_2_00BCF1D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ebp, dword ptr [esp+0Ch] 0_2_00BDB120
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+58h] 0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+edx+00000100h] 0_2_00BC929E
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edi*8], 2AFA9B37h 0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+78h] 0_2_00BD42E2
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edi*8], 2AFA9B37h 0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00BBF3EF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+58h] 0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax+0576C96Fh] 0_2_00BE83C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov dword ptr [esp+2Ch], ebp 0_2_00BEF3C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx-781FA937h] 0_2_00BD8328
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h 0_2_00BD2320
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+edx+00000100h] 0_2_00BC929E
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp byte ptr [eax+edi+23h], 00000000h 0_2_00BBB432
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edx], cl 0_2_00BDD44F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov dword ptr [ebp+00h], 00000022h 0_2_00BDA5B0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-20h] 0_2_00BD2580
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_00BE5580
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h] 0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [ebp+edx*4+00h], ax 0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add eax, dword ptr [esp+ecx*4+34h] 0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_00BDA510
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esi+eax+18DEF997h] 0_2_00BDC6B7
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], cl 0_2_00BDD6F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [ebp+edx+00h] 0_2_00BB2620
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [ecx] 0_2_00BD5672
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_00BD6660
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], cl 0_2_00BDD65E
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then inc eax 0_2_00BCE7A0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, edx 0_2_00BCE7A0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push esi 0_2_00BD17A3
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ecx, eax 0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 61813E67h 0_2_00BD67C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+esi*8], 61813E67h 0_2_00BD67C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx-4EFF805Ch] 0_2_00BD67C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebp, word ptr [eax] 0_2_00BF07C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00BD3730
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00BDD72F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp edx 0_2_00BB48EF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00BB48EF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh 0_2_00BEB840
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov esi, ecx 0_2_00BEB840
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+ecx+20h] 0_2_00BD9970
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ecx, eax 0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ecx], al 0_2_00BCB940
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edx], cl 0_2_00BCB940
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_00BCBAA8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h 0_2_00BC7AF1
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00BBEAEB
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ebx], cl 0_2_00BDBA11
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push esi 0_2_00BCCA60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx eax, byte ptr [esp+edx-0000009Ah] 0_2_00BEDA5A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov esi, ebx 0_2_00BD9A43
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00BB4BF8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebp, byte ptr [esp+esi-56FE73B9h] 0_2_00BD5BD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax-278BA32Fh] 0_2_00BD6B30
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h 0_2_00BC51D8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebp, word ptr [eax] 0_2_00BF0B00
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_00BDDB6C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00BD2C6C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [edx], si 0_2_00BD0DFC
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ecx], dl 0_2_00BDCDF3
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00BD5EC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [eax+esi*8], 1B6183F2h 0_2_00BD5EC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00BDDE25
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+edx] 0_2_00BEEE70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+edx+04h] 0_2_00BC9FF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx-45h] 0_2_00BC9FF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+edx+64h] 0_2_00BC9FF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h 0_2_00BC8F1F

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49703 -> 172.67.187.240:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49703 -> 172.67.187.240:443
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 172.67.187.240 172.67.187.240
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 172.67.187.240:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49705 -> 172.67.187.240:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic DNS traffic detected: DNS query: frogs-severz.sbs
Source: global traffic DNS traffic detected: DNS query: occupy-blushi.sbs
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs
Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://frogs-severz.sbs:443/api
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/=H3
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1344769503.00000000016B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/api
Source: file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347675102.0000000001654000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/api4
Source: file.exe, 00000000.00000003.1344847415.00000000016A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347877286.00000000016A6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/apiS
Source: file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/apil8
Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs:443/api
Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs:443/apiNs
Source: file.exe, 00000000.00000002.1347675102.0000000001631000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs:443/api)t
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49703 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEE16C 0_2_00BEE16C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE8690 0_2_00BE8690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBB890 0_2_00BBB890
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBDBE5 0_2_00BBDBE5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB 0_2_00C380CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB50C0 0_2_00CB50C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 0_2_00C6E0C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C730F4 0_2_00C730F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8D0FF 0_2_00C8D0FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D850E0 0_2_00D850E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C810F3 0_2_00C810F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E2C0AB 0_2_00E2C0AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1F088 0_2_00C1F088
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C80097 0_2_00C80097
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC4093 0_2_00CC4093
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C750A3 0_2_00C750A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8C0AD 0_2_00C8C0AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB60D0 0_2_00BB60D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1E0AA 0_2_00C1E0AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C440B2 0_2_00C440B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8604B 0_2_00D8604B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4805E 0_2_00C4805E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0050 0_2_00CC0050
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7006D 0_2_00C7006D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5707F 0_2_00C5707F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4207F 0_2_00C4207F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C16001 0_2_00C16001
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C55009 0_2_00C55009
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C53010 0_2_00C53010
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDD067 0_2_00BDD067
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBC023 0_2_00CBC023
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDD052 0_2_00BDD052
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3F03F 0_2_00C3F03F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAF1CB 0_2_00CAF1CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF11B0 0_2_00BF11B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB21C4 0_2_00CB21C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C671D2 0_2_00C671D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C651DE 0_2_00C651DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9B1D3 0_2_00C9B1D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA31EA 0_2_00CA31EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4A1E0 0_2_00C4A1E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5E1F6 0_2_00C5E1F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C751F2 0_2_00C751F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8B1F2 0_2_00C8B1F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6A1F9 0_2_00C6A1F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C391FC 0_2_00C391FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9918C 0_2_00C9918C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4C18C 0_2_00C4C18C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCE1D0 0_2_00BCE1D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEF1D0 0_2_00BEF1D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C201AD 0_2_00C201AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D751AE 0_2_00D751AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9E1B3 0_2_00C9E1B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBA1C0 0_2_00BBA1C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB6156 0_2_00CB6156
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB716A 0_2_00CB716A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD910B 0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7617B 0_2_00C7617B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7A101 0_2_00C7A101
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB2170 0_2_00BB2170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6F119 0_2_00C6F119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2512D 0_2_00C2512D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8F135 0_2_00C8F135
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3C2CA 0_2_00C3C2CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C612CB 0_2_00C612CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA42DB 0_2_00CA42DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6C2E7 0_2_00C6C2E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB12E8 0_2_00CB12E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF92E7 0_2_00CF92E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC12F8 0_2_00CC12F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C992F6 0_2_00C992F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9828D 0_2_00C9828D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9F28F 0_2_00C9F28F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBE285 0_2_00CBE285
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEF2E0 0_2_00BEF2E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD32E2 0_2_00BD32E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD42E2 0_2_00BD42E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7F246 0_2_00C7F246
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBF25D 0_2_00CBF25D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3A25C 0_2_00C3A25C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC2253 0_2_00CC2253
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBE218 0_2_00BBE218
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1C265 0_2_00C1C265
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C32266 0_2_00C32266
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C28264 0_2_00C28264
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5326F 0_2_00C5326F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAB266 0_2_00CAB266
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE020C 0_2_00BE020C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C77275 0_2_00C77275
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2F276 0_2_00C2F276
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBB273 0_2_00CBB273
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3527A 0_2_00C3527A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB4277 0_2_00CB4277
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4F200 0_2_00C4F200
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9420E 0_2_00C9420E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC6274 0_2_00BC6274
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6C215 0_2_00C6C215
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1B222 0_2_00C1B222
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5D221 0_2_00C5D221
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5922D 0_2_00C5922D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBA23D 0_2_00CBA23D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC623A 0_2_00CC623A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7E23E 0_2_00C7E23E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C97230 0_2_00C97230
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD3247 0_2_00BD3247
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC7236 0_2_00CC7236
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7923B 0_2_00C7923B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB33CD 0_2_00CB33CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4D3D1 0_2_00C4D3D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C393E3 0_2_00C393E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAC3E2 0_2_00CAC3E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCB390 0_2_00BCB390
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C573E9 0_2_00C573E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C833FF 0_2_00C833FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC8385 0_2_00BC8385
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C413F8 0_2_00C413F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C203FC 0_2_00C203FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C49381 0_2_00C49381
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C15387 0_2_00C15387
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C903A0 0_2_00C903A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1F3AB 0_2_00C1F3AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C533AF 0_2_00C533AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBC3D4 0_2_00BBC3D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C303B7 0_2_00C303B7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C263B5 0_2_00C263B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C913BE 0_2_00C913BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD910B 0_2_00BD910B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE83C0 0_2_00BE83C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEF3C0 0_2_00BEF3C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD8328 0_2_00BD8328
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA7352 0_2_00CA7352
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C16364 0_2_00C16364
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7B368 0_2_00C7B368
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6B303 0_2_00C6B303
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8A304 0_2_00C8A304
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE936D 0_2_00BE936D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C54310 0_2_00C54310
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C29318 0_2_00C29318
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE2360 0_2_00BE2360
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C56326 0_2_00C56326
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C71336 0_2_00C71336
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB9339 0_2_00CB9339
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7A323 0_2_00D7A323
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1A338 0_2_00C1A338
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C314C6 0_2_00C314C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBC4CD 0_2_00CBC4CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7C4E7 0_2_00C7C4E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C814FE 0_2_00C814FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C474F8 0_2_00C474F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5C485 0_2_00C5C485
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC6488 0_2_00CC6488
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C37488 0_2_00C37488
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC24F0 0_2_00BC24F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4849C 0_2_00C4849C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8F491 0_2_00C8F491
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C924AA 0_2_00C924AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAD4A9 0_2_00CAD4A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDC4D7 0_2_00BDC4D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C694A8 0_2_00C694A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C254B1 0_2_00C254B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB34C0 0_2_00BB34C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA144E 0_2_00CA144E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C59454 0_2_00C59454
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C87450 0_2_00C87450
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7B465 0_2_00C7B465
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6F465 0_2_00C6F465
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C24466 0_2_00C24466
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC847C 0_2_00CC847C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C45415 0_2_00C45415
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6341A 0_2_00C6341A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C50424 0_2_00C50424
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEB450 0_2_00BEB450
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C22432 0_2_00C22432
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C76433 0_2_00C76433
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2D43C 0_2_00C2D43C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAA5CE 0_2_00CAA5CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC65C8 0_2_00CC65C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1C5C9 0_2_00C1C5C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1E5C9 0_2_00C1E5C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCD5B5 0_2_00BCD5B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDA5B0 0_2_00BDA5B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2C5CD 0_2_00C2C5CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3E5D3 0_2_00C3E5D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8D5DA 0_2_00C8D5DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1D5DF 0_2_00C1D5DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9D5EA 0_2_00C9D5EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC55EF 0_2_00CC55EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4B5E3 0_2_00C4B5E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB5593 0_2_00BB5593
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C945E5 0_2_00C945E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA95FA 0_2_00CA95FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4A5F2 0_2_00C4A5F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9E5F5 0_2_00C9E5F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD2580 0_2_00BD2580
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8258A 0_2_00C8258A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBA5E0 0_2_00BBA5E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C705A1 0_2_00C705A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C555AB 0_2_00C555AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAF5BA 0_2_00CAF5BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCD5C8 0_2_00BCD5C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C585B3 0_2_00C585B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE05C0 0_2_00BE05C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C97540 0_2_00C97540
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB8520 0_2_00BB8520
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC151A 0_2_00BC151A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB7573 0_2_00CB7573
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7F56A 0_2_00D7F56A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7450F 0_2_00C7450F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA6500 0_2_00CA6500
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCE570 0_2_00BCE570
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2050F 0_2_00C2050F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C42510 0_2_00C42510
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3F516 0_2_00C3F516
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4A522 0_2_00C4A522
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2852A 0_2_00C2852A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8C521 0_2_00C8C521
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC0542 0_2_00BC0542
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1D6C4 0_2_00C1D6C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA26C6 0_2_00CA26C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C196D9 0_2_00C196D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAB6D3 0_2_00CAB6D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB86D6 0_2_00CB86D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3A6E0 0_2_00C3A6E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9C6EA 0_2_00C9C6EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7A6E2 0_2_00C7A6E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBD69D 0_2_00BBD69D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6B6ED 0_2_00C6B6ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C326F8 0_2_00C326F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C296FE 0_2_00C296FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5E6FB 0_2_00C5E6FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA76F5 0_2_00CA76F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8B68A 0_2_00C8B68A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDD6F0 0_2_00BDD6F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1A696 0_2_00C1A696
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C266A4 0_2_00C266A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C20640 0_2_00C20640
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D73654 0_2_00D73654
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBA64E 0_2_00CBA64E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5F64D 0_2_00C5F64D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBD65A 0_2_00CBD65A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB2620 0_2_00BB2620
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC3651 0_2_00CC3651
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDB66A 0_2_00CDB66A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4D671 0_2_00C4D671
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C49679 0_2_00C49679
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4060D 0_2_00C4060D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7360D 0_2_00C7360D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1860D 0_2_00C1860D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA3613 0_2_00CA3613
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAC616 0_2_00CAC616
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDD65E 0_2_00BDD65E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0626 0_2_00CC0626
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C28637 0_2_00C28637
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE2640 0_2_00BE2640
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8E636 0_2_00C8E636
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8C7C3 0_2_00C8C7C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAC7C5 0_2_00CAC7C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C367D1 0_2_00C367D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC67AA 0_2_00BC67AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCE7A0 0_2_00BCE7A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD579D 0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C407E7 0_2_00C407E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4C7E1 0_2_00C4C7E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB6790 0_2_00BB6790
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB37E4 0_2_00CB37E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C917F3 0_2_00C917F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C927F4 0_2_00C927F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB1789 0_2_00CB1789
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC1783 0_2_00CC1783
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7179F 0_2_00C7179F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5779A 0_2_00C5779A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C647A3 0_2_00C647A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAA7A0 0_2_00CAA7A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9E7B3 0_2_00C9E7B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C817B4 0_2_00C817B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C417B9 0_2_00C417B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF07C0 0_2_00BF07C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C39743 0_2_00C39743
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9374C 0_2_00C9374C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2274B 0_2_00C2274B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB9747 0_2_00CB9747
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD3730 0_2_00BD3730
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEF730 0_2_00BEF730
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC5742 0_2_00CC5742
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5A754 0_2_00C5A754
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9F754 0_2_00C9F754
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D39774 0_2_00D39774
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6D76D 0_2_00C6D76D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB2771 0_2_00CB2771
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCF700 0_2_00BCF700
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C62704 0_2_00C62704
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D78712 0_2_00D78712
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C98710 0_2_00C98710
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C99716 0_2_00C99716
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7D724 0_2_00C7D724
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4572A 0_2_00C4572A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3C8C7 0_2_00C3C8C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA18CD 0_2_00CA18CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2F8D2 0_2_00C2F8D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C388DC 0_2_00C388DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D728F0 0_2_00D728F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E8EA 0_2_00C6E8EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C608E9 0_2_00C608E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1E8FB 0_2_00C1E8FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC88F3 0_2_00CC88F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB48EF 0_2_00BB48EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C478A6 0_2_00C478A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C988AE 0_2_00C988AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C848B2 0_2_00C848B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAE8B1 0_2_00CAE8B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCF8C0 0_2_00BCF8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C49843 0_2_00C49843
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5884C 0_2_00C5884C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6784B 0_2_00C6784B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7C855 0_2_00C7C855
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2485E 0_2_00C2485E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7D864 0_2_00C7D864
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4286D 0_2_00C4286D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC2862 0_2_00CC2862
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA5879 0_2_00CA5879
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAD876 0_2_00CAD876
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6380C 0_2_00C6380C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C35816 0_2_00C35816
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2E821 0_2_00C2E821
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C65828 0_2_00C65828
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9B826 0_2_00C9B826
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C87838 0_2_00C87838
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3B830 0_2_00C3B830
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEB840 0_2_00BEB840
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1C83F 0_2_00C1C83F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C739CA 0_2_00C739CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0B9D3 0_2_00C0B9D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5A9DB 0_2_00C5A9DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEF990 0_2_00BEF990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C289EC 0_2_00C289EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C749F2 0_2_00C749F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C899F1 0_2_00C899F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C909F0 0_2_00C909F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1F982 0_2_00C1F982
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4D98C 0_2_00C4D98C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0985 0_2_00CC0985
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB7991 0_2_00CB7991
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4B9A4 0_2_00C4B9A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB09A8 0_2_00CB09A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7A9BD 0_2_00C7A9BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C279B9 0_2_00C279B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD19C0 0_2_00BD19C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEE93D 0_2_00BEE93D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1D94D 0_2_00C1D94D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5094A 0_2_00C5094A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D82942 0_2_00D82942
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C92964 0_2_00C92964
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C94964 0_2_00C94964
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C66975 0_2_00C66975
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C58973 0_2_00C58973
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8D971 0_2_00C8D971
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3697C 0_2_00C3697C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6190E 0_2_00C6190E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC491E 0_2_00CC491E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1B923 0_2_00C1B923
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD579D 0_2_00BD579D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C46931 0_2_00C46931
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5C93A 0_2_00C5C93A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C79ACD 0_2_00C79ACD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C93AC3 0_2_00C93AC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C82AC6 0_2_00C82AC6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDFAAF 0_2_00BDFAAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C24ADA 0_2_00C24ADA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C51AE4 0_2_00C51AE4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2DAE6 0_2_00C2DAE6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C39AF3 0_2_00C39AF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C18A8F 0_2_00C18A8F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBEAEB 0_2_00BBEAEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB5A96 0_2_00CB5A96
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3AAA2 0_2_00C3AAA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8EAAC 0_2_00C8EAAC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC9AD4 0_2_00BC9AD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C55AB5 0_2_00C55AB5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB2AC0 0_2_00BB2AC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C99AB7 0_2_00C99AB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8AA4D 0_2_00C8AA4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CABA45 0_2_00CABA45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAFA57 0_2_00CAFA57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8FA56 0_2_00C8FA56
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C21A6B 0_2_00C21A6B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCDA10 0_2_00BCDA10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6CA69 0_2_00C6CA69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA6A7B 0_2_00CA6A7B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C25A77 0_2_00C25A77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA3A1A 0_2_00CA3A1A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC2A18 0_2_00CC2A18
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCCA60 0_2_00BCCA60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE7A60 0_2_00BE7A60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C53A3F 0_2_00C53A3F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBAA36 0_2_00CBAA36
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6CBCC 0_2_00C6CBCC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAABD4 0_2_00CAABD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6DBE3 0_2_00C6DBE3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDAB90 0_2_00BDAB90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C33BED 0_2_00C33BED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C68BF6 0_2_00C68BF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9EB88 0_2_00C9EB88
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB4BF8 0_2_00BB4BF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5DB81 0_2_00C5DB81
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C19B89 0_2_00C19B89
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C41B93 0_2_00C41B93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C45BAD 0_2_00C45BAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D87BB2 0_2_00D87BB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4CBBB 0_2_00C4CBBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C81B49 0_2_00C81B49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3BB45 0_2_00C3BB45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CB58 0_2_00C8CB58
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C48B5E 0_2_00C48B5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB9B50 0_2_00CB9B50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1CB65 0_2_00C1CB65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2CB6B 0_2_00C2CB6B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC4B10 0_2_00BC4B10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4FB75 0_2_00C4FB75
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C71B72 0_2_00C71B72
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C54B7C 0_2_00C54B7C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF0B00 0_2_00BF0B00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C95B76 0_2_00C95B76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C46B02 0_2_00C46B02
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C91B00 0_2_00C91B00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBBB1D 0_2_00CBBB1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEDB04 0_2_00DEDB04
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9BB12 0_2_00C9BB12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C87B2D 0_2_00C87B2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6AB20 0_2_00C6AB20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5AB34 0_2_00C5AB34
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C78B3D 0_2_00C78B3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C64B3D 0_2_00C64B3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA1B35 0_2_00CA1B35
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C74CD2 0_2_00C74CD2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C31CD8 0_2_00C31CD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D76CC9 0_2_00D76CC9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C83CD7 0_2_00C83CD7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C38CE8 0_2_00C38CE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4ACF6 0_2_00C4ACF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB6CFF 0_2_00CB6CFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD7C82 0_2_00BD7C82
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6EC8B 0_2_00C6EC8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C93C9D 0_2_00C93C9D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCDCE0 0_2_00BCDCE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C50C99 0_2_00C50C99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDBCD4 0_2_00BDBCD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C43CB7 0_2_00C43CB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE7CC0 0_2_00BE7CC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8BC48 0_2_00C8BC48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB1C4D 0_2_00CB1C4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3EC48 0_2_00C3EC48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA5C45 0_2_00CA5C45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5BC53 0_2_00C5BC53
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB5C10 0_2_00BB5C10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C69C76 0_2_00C69C76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBFC7F 0_2_00CBFC7F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1EC76 0_2_00C1EC76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C85C7F 0_2_00C85C7F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C35C07 0_2_00C35C07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0AC06 0_2_00C0AC06
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD2C6C 0_2_00BD2C6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C44C11 0_2_00C44C11
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9AC2A 0_2_00C9AC2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC4C25 0_2_00CC4C25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6FC29 0_2_00C6FC29
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C58DC4 0_2_00C58DC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CDC5 0_2_00C8CDC5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB3DC4 0_2_00CB3DC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C40DD1 0_2_00C40DD1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C34DEB 0_2_00C34DEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C84DE3 0_2_00C84DE3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3CDF3 0_2_00C3CDF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3DDF3 0_2_00C3DDF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9CDFA 0_2_00C9CDFA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C39DFB 0_2_00C39DFB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5CDFD 0_2_00C5CDFD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C20DFE 0_2_00C20DFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C87DF6 0_2_00C87DF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD0DFC 0_2_00BD0DFC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE8DE0 0_2_00BE8DE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3FDA4 0_2_00C3FDA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C79DA0 0_2_00C79DA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4DD45 0_2_00C4DD45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9ED48 0_2_00C9ED48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2BD5A 0_2_00C2BD5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86D50 0_2_00C86D50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7BD4E 0_2_00D7BD4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4BD5E 0_2_00C4BD5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C37D5E 0_2_00C37D5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD6D18 0_2_00BD6D18
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C80D64 0_2_00C80D64
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C52D7F 0_2_00C52D7F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C72D0D 0_2_00C72D0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0D06 0_2_00CC0D06
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C42D09 0_2_00C42D09
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7AD19 0_2_00C7AD19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C63D19 0_2_00C63D19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5DD2E 0_2_00C5DD2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C98D27 0_2_00C98D27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDCD4F 0_2_00BDCD4F
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00BC4B00 appears 66 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00BB9080 appears 54 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 1.0003633720930232
Source: file.exe Static PE information: Section: jhxstaas ZLIB complexity 0.9948334227265884
Source: classification engine Classification label: mal100.evad.winEXE@1/0@3/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDE450 CoCreateInstance, 0_2_00BDE450
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe ReversingLabs: Detection: 42%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: file.exe Static file information: File size 1869824 > 1048576
Source: file.exe Static PE information: Raw size of jhxstaas is bigger than: 0x100000 < 0x19f200

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.bb0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jhxstaas:EW;kgshmact:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jhxstaas:EW;kgshmact:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1d4784 should be: 0x1d1e46
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: jhxstaas
Source: file.exe Static PE information: section name: kgshmact
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0D7A9 push edi; mov dword ptr [esp], eax 0_2_00C0D734
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE20DA push eax; mov dword ptr [esp], 3EFE4D00h 0_2_00DE2205
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DE20DA push 54F7A1BBh; mov dword ptr [esp], edx 0_2_00DE2277
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C100C5 push eax; mov dword ptr [esp], edi 0_2_00C10D40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C110C6 push ebp; mov dword ptr [esp], edx 0_2_00C1336B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push 30AFFA13h; mov dword ptr [esp], ebx 0_2_00C385C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push 139620DBh; mov dword ptr [esp], ebx 0_2_00C38620
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push 5BCD2AC0h; mov dword ptr [esp], ecx 0_2_00C38655
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push eax; mov dword ptr [esp], 736EE693h 0_2_00C3865A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push 3D31EFBAh; mov dword ptr [esp], ecx 0_2_00C3871B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push 1A45F146h; mov dword ptr [esp], esi 0_2_00C38723
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push eax; mov dword ptr [esp], 7E755483h 0_2_00C387D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push 0EB49A1Fh; mov dword ptr [esp], edx 0_2_00C38807
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C380CB push ecx; mov dword ptr [esp], edx 0_2_00C38857
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push edx; mov dword ptr [esp], eax 0_2_00C6E5E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push 4779A8EBh; mov dword ptr [esp], esi 0_2_00C6E624
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push 313A296Bh; mov dword ptr [esp], ebx 0_2_00C6E68C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push eax; mov dword ptr [esp], ebx 0_2_00C6E696
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push ebx; mov dword ptr [esp], edi 0_2_00C6E69C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push 0C8F657Ah; mov dword ptr [esp], esi 0_2_00C6E6A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push edi; mov dword ptr [esp], 5F00232Eh 0_2_00C6E766
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E0C8 push edx; mov dword ptr [esp], ebp 0_2_00C6E892
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C100D3 push 2D5D952Dh; mov dword ptr [esp], ebx 0_2_00C12EF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C100D3 push 1F13671Fh; mov dword ptr [esp], ecx 0_2_00C13C3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E660CE push 7119A336h; mov dword ptr [esp], ecx 0_2_00E6612F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D850E0 push ecx; mov dword ptr [esp], 7FFB4BC9h 0_2_00D85130
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D850E0 push 4DD3B266h; mov dword ptr [esp], edx 0_2_00D85201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D850E0 push 066845E3h; mov dword ptr [esp], esp 0_2_00D85259
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D850E0 push edi; mov dword ptr [esp], 00001430h 0_2_00D85289
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D850E0 push 478D7101h; mov dword ptr [esp], ebp 0_2_00D852CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D850E0 push edx; mov dword ptr [esp], eax 0_2_00D852D9
Source: file.exe Static PE information: section name: entropy: 7.988042722835456
Source: file.exe Static PE information: section name: jhxstaas entropy: 7.954602727067242

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0D326 second address: C0D330 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D809EB second address: D809F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D809F3 second address: D809F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D809F9 second address: D80A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F0760DC67B7h 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0760DC67ACh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8BA45 second address: D8BA4F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F07608300ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8C18A second address: D8C19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 ja 00007F0760DC67ACh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8FFD5 second address: D8FFD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8FFD9 second address: D8FFDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9018D second address: D901FD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F07608300F5h 0x0000000b popad 0x0000000c xor dword ptr [esp], 114743DDh 0x00000013 mov dh, ah 0x00000015 mov dh, D6h 0x00000017 push 00000003h 0x00000019 jmp 00007F07608300ECh 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F07608300E8h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000017h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a push esi 0x0000003b mov ch, 2Dh 0x0000003d pop ecx 0x0000003e push 00000003h 0x00000040 mov dword ptr [ebp+122D234Fh], ecx 0x00000046 push 448CFA17h 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e jl 00007F07608300E6h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D901FD second address: D9020F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67AAh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D902A0 second address: D902A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D902A5 second address: D902EC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0760DC67B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D2469h], edi 0x00000013 push 00000000h 0x00000015 cld 0x00000016 call 00007F0760DC67A9h 0x0000001b jnp 00007F0760DC67AEh 0x00000021 push eax 0x00000022 jl 00007F0760DC67A6h 0x00000028 pop eax 0x00000029 push eax 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jbe 00007F0760DC67A6h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D902EC second address: D9031F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jnp 00007F07608300F6h 0x00000015 jmp 00007F07608300F0h 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F07608300EAh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9031F second address: D903A5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0760DC67ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jo 00007F0760DC67AEh 0x00000014 jno 00007F0760DC67A8h 0x0000001a pop eax 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F0760DC67A8h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 jnp 00007F0760DC67ACh 0x0000003b sub dword ptr [ebp+122D21DBh], ebx 0x00000041 push 00000003h 0x00000043 pushad 0x00000044 mov ecx, 3F0E0306h 0x00000049 mov edx, ecx 0x0000004b popad 0x0000004c push 00000000h 0x0000004e mov ch, 3Fh 0x00000050 push 00000003h 0x00000052 mov ecx, edx 0x00000054 call 00007F0760DC67A9h 0x00000059 pushad 0x0000005a jmp 00007F0760DC67B5h 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 popad 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D903A5 second address: D9040E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f je 00007F07608300FFh 0x00000015 jmp 00007F07608300F9h 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f jnl 00007F07608300EEh 0x00000025 mov eax, dword ptr [eax] 0x00000027 push edx 0x00000028 pushad 0x00000029 jne 00007F07608300E6h 0x0000002f jg 00007F07608300E6h 0x00000035 popad 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b pushad 0x0000003c pushad 0x0000003d jo 00007F07608300E6h 0x00000043 jng 00007F07608300E6h 0x00000049 popad 0x0000004a push ecx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB065C second address: DB0673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67AEh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB0673 second address: DB0679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAE633 second address: DAE637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAE637 second address: DAE641 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F07608300E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAE641 second address: DAE64A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAE64A second address: DAE69E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F07608300F7h 0x00000011 jmp 00007F07608300F8h 0x00000016 popad 0x00000017 je 00007F07608300F0h 0x0000001d jmp 00007F07608300EAh 0x00000022 push eax 0x00000023 push edx 0x00000024 jno 00007F07608300E6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAE69E second address: DAE6A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAE819 second address: DAE847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F0760830111h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F07608300F7h 0x00000012 jmp 00007F07608300EAh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAEC6D second address: DAEC8B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0760DC67B8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAEDBD second address: DAEDC7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAEF6D second address: DAEF83 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jns 00007F0760DC67A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAEF83 second address: DAEF8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAEF8A second address: DAEF95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F0760DC67A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF3AE second address: DAF3CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF3CE second address: DAF3D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF3D4 second address: DAF3EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jnl 00007F07608300E6h 0x0000000c push edx 0x0000000d pop edx 0x0000000e jg 00007F07608300E6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF3EA second address: DAF406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0760DC67B5h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF406 second address: DAF412 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF412 second address: DAF424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67AAh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF424 second address: DAF429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF429 second address: DAF42F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF42F second address: DAF435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF597 second address: DAF59D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF59D second address: DAF5AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007F07608300EBh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D767F9 second address: D767FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAF6EE second address: DAF6F7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAFD03 second address: DAFD15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F0760DC67ADh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAFD15 second address: DAFD32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F07608300F7h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAFD32 second address: DAFD36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAFD36 second address: DAFD3C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAFD3C second address: DAFD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F0760DC67A6h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB0139 second address: DB0192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F07608300E6h 0x0000000a pop ebx 0x0000000b jc 00007F07608300FBh 0x00000011 jmp 00007F07608300F3h 0x00000016 push esi 0x00000017 pop esi 0x00000018 pushad 0x00000019 js 00007F07608300E6h 0x0000001f jg 00007F07608300E6h 0x00000025 jmp 00007F07608300F9h 0x0000002a popad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f je 00007F07608300E6h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB0192 second address: DB0198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB0198 second address: DB01A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007F07608300E6h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB01A7 second address: DB01D5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0760DC67C4h 0x00000008 jnp 00007F0760DC67AEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7EEC3 second address: D7EECF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB5AB8 second address: DB5AE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F0760DC67ACh 0x00000013 jc 00007F0760DC67A6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6B1A second address: DB6B4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F07608300F0h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6B4A second address: DB6B50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6C92 second address: DB6C96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6C96 second address: DB6C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6C9C second address: DB6CCF instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300FDh 0x00000008 jmp 00007F07608300F7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push esi 0x00000012 jmp 00007F07608300EBh 0x00000017 pop esi 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDEAE second address: DBDEB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDEB4 second address: DBDEB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDEB8 second address: DBDEE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F0760DC67BEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007F0760DC67C2h 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D79DBC second address: D79DD4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F07608300E6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f jnl 00007F07608300E6h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBD3EE second address: DBD402 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67AAh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBD402 second address: DBD413 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F07608300E6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBD6D1 second address: DBD720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67B8h 0x00000009 jmp 00007F0760DC67B3h 0x0000000e jbe 00007F0760DC67A6h 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007F0760DC67B6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDA0D second address: DBDA28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F07608300E6h 0x0000000a jmp 00007F07608300EFh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDA28 second address: DBDA3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F0760DC67AAh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDA3C second address: DBDA46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F07608300E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDA46 second address: DBDA5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBE714 second address: DBE71A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBE71A second address: DBE748 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 0798F20Ah 0x0000000f mov esi, dword ptr [ebp+122D396Ch] 0x00000015 push D78C75E4h 0x0000001a pushad 0x0000001b jmp 00007F0760DC67B0h 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF31C second address: DBF322 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF322 second address: DBF334 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF334 second address: DBF339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF3B8 second address: DBF3BE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF3BE second address: DBF3D8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 sub dword ptr [ebp+122D2775h], eax 0x0000000f push eax 0x00000010 je 00007F07608300F8h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF3D8 second address: DBF3DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF3DC second address: DBF3E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF499 second address: DBF49F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF577 second address: DBF5AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F4h 0x00000009 popad 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F07608300F7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF7DC second address: DBF7E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF7E0 second address: DBF7EA instructions: 0x00000000 rdtsc 0x00000002 js 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF934 second address: DBF93A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBF93A second address: DBF970 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F07608300F1h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push esi 0x0000000f jmp 00007F07608300EAh 0x00000014 pop esi 0x00000015 mov edi, dword ptr [ebp+122D3734h] 0x0000001b push eax 0x0000001c jns 00007F07608300EEh 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBFF60 second address: DBFF65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBFF65 second address: DBFF82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F07608300E6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC091B second address: DC09A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jp 00007F0760DC67ACh 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F0760DC67A8h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f movzx edi, dx 0x00000032 adc si, 8EC9h 0x00000037 push 00000000h 0x00000039 mov dword ptr [ebp+122D2985h], esi 0x0000003f xchg eax, ebx 0x00000040 pushad 0x00000041 ja 00007F0760DC67A8h 0x00000047 pushad 0x00000048 jmp 00007F0760DC67B9h 0x0000004d jmp 00007F0760DC67AAh 0x00000052 popad 0x00000053 popad 0x00000054 push eax 0x00000055 jp 00007F0760DC67B0h 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e pop eax 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC125C second address: DC1268 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC26E3 second address: DC26F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0760DC67B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC2423 second address: DC2427 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC26F9 second address: DC274A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jne 00007F0760DC67AEh 0x0000000f nop 0x00000010 mov dword ptr [ebp+122D2891h], edi 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F0760DC67A8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+12469003h], edx 0x0000003a xchg eax, ebx 0x0000003b push eax 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC274A second address: DC2769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F07608300EDh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC31A4 second address: DC31AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC31AA second address: DC31AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC3258 second address: DC3265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F0760DC67ACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC3DE2 second address: DC3DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9FB2 second address: DC9FD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67B1h 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC517E second address: DC5183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9FD1 second address: DC9FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0760DC67A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCB01B second address: DCB01F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCCF83 second address: DCCFA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jng 00007F0760DC67A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCD03A second address: DCD03E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCD03E second address: DCD048 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCD048 second address: DCD05F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F07608300E6h 0x00000009 jno 00007F07608300E6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCDFAB second address: DCDFAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA124 second address: DCA138 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA138 second address: DCA16D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F0760DC67B5h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0760DC67B5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCDFAF second address: DCE01D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F07608300E8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push ecx 0x00000025 mov bh, D5h 0x00000027 pop ebx 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F07608300E8h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 mov bx, 8C86h 0x0000004a sub ebx, dword ptr [ebp+12479FB8h] 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 jnl 00007F07608300E6h 0x0000005a pushad 0x0000005b popad 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCE01D second address: DCE023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCE023 second address: DCE027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCE027 second address: DCE04A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0760DC67B4h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCD21C second address: DCD2B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F07608300F1h 0x0000000a popad 0x0000000b nop 0x0000000c mov di, 7700h 0x00000010 and ebx, dword ptr [ebp+122D3710h] 0x00000016 push dword ptr fs:[00000000h] 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007F07608300E8h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 mov bh, 2Ch 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 js 00007F07608300ECh 0x00000046 sub dword ptr [ebp+122D1AABh], esi 0x0000004c mov eax, dword ptr [ebp+122D00E5h] 0x00000052 add ebx, 7412CFFBh 0x00000058 push FFFFFFFFh 0x0000005a push 00000000h 0x0000005c push edi 0x0000005d call 00007F07608300E8h 0x00000062 pop edi 0x00000063 mov dword ptr [esp+04h], edi 0x00000067 add dword ptr [esp+04h], 00000019h 0x0000006f inc edi 0x00000070 push edi 0x00000071 ret 0x00000072 pop edi 0x00000073 ret 0x00000074 sbb edi, 67836D49h 0x0000007a push eax 0x0000007b pushad 0x0000007c jo 00007F07608300ECh 0x00000082 push eax 0x00000083 push edx 0x00000084 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCD2B7 second address: DCD2C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 js 00007F0760DC67A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD1143 second address: DD114E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F07608300E6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD114E second address: DD1154 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD1154 second address: DD11AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D2A1Eh] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F07608300E8h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d cld 0x0000002e mov bx, 5231h 0x00000032 push 00000000h 0x00000034 xchg eax, esi 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F07608300F6h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD2192 second address: DD21AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD21AF second address: DD21CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD21CF second address: DD21D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD131A second address: DD1328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD13E3 second address: DD1416 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F0760DC67B2h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD31C4 second address: DD31D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD31D9 second address: DD31DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD31DF second address: DD31E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD31E3 second address: DD3255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F0760DC67A8h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D340Ah], ebx 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c movsx ecx, cx 0x0000002f add edi, 3A62FBAAh 0x00000035 popad 0x00000036 push 00000000h 0x00000038 jmp 00007F0760DC67B9h 0x0000003d xchg eax, esi 0x0000003e push eax 0x0000003f push edx 0x00000040 jnl 00007F0760DC67BAh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD41CE second address: DD41D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD41D4 second address: DD424F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F0760DC67A8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebp 0x0000002a call 00007F0760DC67A8h 0x0000002f pop ebp 0x00000030 mov dword ptr [esp+04h], ebp 0x00000034 add dword ptr [esp+04h], 00000018h 0x0000003c inc ebp 0x0000003d push ebp 0x0000003e ret 0x0000003f pop ebp 0x00000040 ret 0x00000041 push 00000000h 0x00000043 jmp 00007F0760DC67B9h 0x00000048 mov bx, di 0x0000004b xchg eax, esi 0x0000004c push eax 0x0000004d push edx 0x0000004e ja 00007F0760DC67A8h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD424F second address: DD4264 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F07608300E6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD60AC second address: DD60B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD60B0 second address: DD60BA instructions: 0x00000000 rdtsc 0x00000002 js 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD43EB second address: DD43EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD60BA second address: DD6138 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F07608300E8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 cmc 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007F07608300E8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000017h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 movzx edi, di 0x00000046 push 00000000h 0x00000048 sub dword ptr [ebp+122D1B62h], edx 0x0000004e push eax 0x0000004f push ebx 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F07608300F3h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD543F second address: DD5460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67B9h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD5460 second address: DD5479 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F07608300EFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD632E second address: DD634C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0760DC67B3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD634C second address: DD6351 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD6351 second address: DD6357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9326 second address: DD933F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F07608300F5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD933F second address: DD9343 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9343 second address: DD935B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F07608300ECh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD8401 second address: DD847D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 mov di, ax 0x00000009 push dword ptr fs:[00000000h] 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F0760DC67A8h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a jmp 00007F0760DC67B0h 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 mov eax, dword ptr [ebp+122D1209h] 0x0000003c sub di, A466h 0x00000041 push FFFFFFFFh 0x00000043 jmp 00007F0760DC67ABh 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F0760DC67B9h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD935B second address: DD9365 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9365 second address: DD9414 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007F0760DC67A8h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 or di, FB3Ch 0x0000002a pushad 0x0000002b call 00007F0760DC67AAh 0x00000030 sub esi, dword ptr [ebp+122D3858h] 0x00000036 pop eax 0x00000037 pushad 0x00000038 clc 0x00000039 jmp 00007F0760DC67B3h 0x0000003e popad 0x0000003f popad 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push eax 0x00000045 call 00007F0760DC67A8h 0x0000004a pop eax 0x0000004b mov dword ptr [esp+04h], eax 0x0000004f add dword ptr [esp+04h], 00000015h 0x00000057 inc eax 0x00000058 push eax 0x00000059 ret 0x0000005a pop eax 0x0000005b ret 0x0000005c sub ebx, dword ptr [ebp+122D2159h] 0x00000062 push 00000000h 0x00000064 jmp 00007F0760DC67B9h 0x00000069 xchg eax, esi 0x0000006a push eax 0x0000006b push edx 0x0000006c push edx 0x0000006d push esi 0x0000006e pop esi 0x0000006f pop edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9414 second address: DD941E instructions: 0x00000000 rdtsc 0x00000002 je 00007F07608300ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE1D29 second address: DE1D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE14E5 second address: DE14EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F07608300E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE16A4 second address: DE16AE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE16AE second address: DE16B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE1844 second address: DE184C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE19A0 second address: DE19A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE7BDE second address: DE7BFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DEDD23 second address: DEDD54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F4h 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jmp 00007F07608300EAh 0x00000012 pop edi 0x00000013 pushad 0x00000014 jno 00007F07608300E6h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DEDD54 second address: DEDD5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F0760DC67A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8765F second address: D87671 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F07608300ECh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87671 second address: D87676 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D87676 second address: D8767C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED700 second address: DED704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED704 second address: DED708 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED852 second address: DED86F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67B9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED86F second address: DED879 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED879 second address: DED88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED88E second address: DED898 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F07608300E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED898 second address: DED8B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0760DC67ADh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED8B1 second address: DED8C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DED8C6 second address: DED8E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DEDA30 second address: DEDA44 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DEDA44 second address: DEDA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0760DC67B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF0969 second address: DF0999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jnl 00007F07608300ECh 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F07608300F6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF0999 second address: DF09AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF09AD second address: DF09D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F6h 0x00000007 pushad 0x00000008 jnp 00007F07608300E6h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7822F second address: D78234 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7B912 second address: D7B920 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F07608300ECh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7B920 second address: D7B92E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jp 00007F0760DC67A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7B92E second address: D7B932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF513B second address: DF513F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF55CB second address: DF55E7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F07608300F2h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF55E7 second address: DF55F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67ADh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF55F9 second address: DF5616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F07608300F2h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF5911 second address: DF5947 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0760DC67B4h 0x0000000f push ecx 0x00000010 jmp 00007F0760DC67B3h 0x00000015 pop ecx 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF5C27 second address: DF5C49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F07608300EAh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F07608300EAh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF5C49 second address: DF5C4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC7D8A second address: DC7E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jbe 00007F07608300F3h 0x0000000e jmp 00007F07608300EDh 0x00000013 jng 00007F07608300F3h 0x00000019 jmp 00007F07608300EDh 0x0000001e popad 0x0000001f nop 0x00000020 call 00007F07608300F1h 0x00000025 mov dword ptr [ebp+1245C4D7h], ebx 0x0000002b pop edi 0x0000002c mov edi, dword ptr [ebp+122D2361h] 0x00000032 lea eax, dword ptr [ebp+1248EAC4h] 0x00000038 pushad 0x00000039 mov cx, B2D0h 0x0000003d mov ebx, dword ptr [ebp+122D247Eh] 0x00000043 popad 0x00000044 nop 0x00000045 jmp 00007F07608300F2h 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F07608300F9h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC7E19 second address: DC7E28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67AAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC7E28 second address: DA55CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 jmp 00007F07608300EDh 0x0000000d call dword ptr [ebp+122D1A02h] 0x00000013 jmp 00007F07608300F2h 0x00000018 push eax 0x00000019 push edx 0x0000001a push ecx 0x0000001b jno 00007F07608300E6h 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC844E second address: DC8470 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8470 second address: DC8482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F07608300EEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8482 second address: DC84DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jo 00007F0760DC67BBh 0x00000015 jmp 00007F0760DC67B5h 0x0000001a mov eax, dword ptr [eax] 0x0000001c pushad 0x0000001d pushad 0x0000001e jmp 00007F0760DC67B5h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8678 second address: DC8681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8681 second address: DC86D3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], esi 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F0760DC67A8h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 jmp 00007F0760DC67ACh 0x0000002d nop 0x0000002e jmp 00007F0760DC67AAh 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 je 00007F0760DC67ACh 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC86D3 second address: DC86D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8983 second address: DC8988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8D51 second address: DC8D6E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F07608300E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jg 00007F07608300E6h 0x00000014 jng 00007F07608300E6h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8D6E second address: DC8D74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8D74 second address: DC8D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8E53 second address: DC8E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9077 second address: DC9088 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9088 second address: DC908F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9166 second address: DC916C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC916C second address: DC9170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9170 second address: DA61D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jng 00007F07608300F5h 0x0000000f jmp 00007F07608300EFh 0x00000014 nop 0x00000015 clc 0x00000016 lea eax, dword ptr [ebp+1248EB08h] 0x0000001c mov dword ptr [ebp+124574FDh], ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007F07608300EAh 0x0000002c popad 0x0000002d pop edx 0x0000002e mov dword ptr [esp], eax 0x00000031 mov edx, eax 0x00000033 jmp 00007F07608300EAh 0x00000038 lea eax, dword ptr [ebp+1248EAC4h] 0x0000003e movzx edi, di 0x00000041 push eax 0x00000042 jbe 00007F07608300F8h 0x00000048 jmp 00007F07608300F2h 0x0000004d mov dword ptr [esp], eax 0x00000050 mov dword ptr [ebp+12479E98h], esi 0x00000056 mov dword ptr [ebp+122D1D9Dh], ebx 0x0000005c call dword ptr [ebp+122D1C45h] 0x00000062 push edi 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA61D0 second address: DA61D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA61D6 second address: DA61DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA61DA second address: DA61E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D73167 second address: D73188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F07608300EEh 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jns 00007F07608300E6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D73188 second address: D7319D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0760DC67AEh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7319D second address: D731A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9A7A second address: DF9A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9BEA second address: DF9C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F07608300F7h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9C0D second address: DF9C1C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0760DC67A6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9C1C second address: DF9C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F1h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9C34 second address: DF9C43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0760DC67ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9C43 second address: DF9C49 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9DB3 second address: DF9DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pop ebx 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF9DC0 second address: DF9DC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DFA048 second address: DFA05A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67ACh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DFA1A2 second address: DFA1B7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F07608300EAh 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DFA321 second address: DFA345 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 jmp 00007F0760DC67B0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DFA345 second address: DFA34A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DFBF80 second address: DFBF94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0085C second address: E00862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00C2C second address: E00C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F0760DC67ACh 0x0000000b jbe 00007F0760DC67A6h 0x00000011 push ebx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 ja 00007F0760DC67A6h 0x0000001f push esi 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00C4D second address: E00C75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EEh 0x00000007 jnc 00007F07608300E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F07608300EEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00C75 second address: E00C79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00C79 second address: E00C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00DDD second address: E00DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00DE1 second address: E00DFC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300E6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jg 00007F07608300E6h 0x00000013 jl 00007F07608300E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00DFC second address: E00E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0760DC67ADh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E00E0E second address: E00E2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F2h 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F07608300E6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E01148 second address: E0114E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E01421 second address: E0144E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F4h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jl 00007F07608300E6h 0x00000015 pushad 0x00000016 popad 0x00000017 jl 00007F07608300E6h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0144E second address: E0145B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0760DC67A8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0190B second address: E0191E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300EBh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0191E second address: E01923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E01923 second address: E01928 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B65E second address: E0B662 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B7BE second address: E0B7C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B7C4 second address: E0B7E1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0760DC67AFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B7E1 second address: E0B7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B7E5 second address: E0B7E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B7E9 second address: E0B809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jbe 00007F07608300E6h 0x00000012 jmp 00007F07608300ECh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B809 second address: E0B826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0760DC67B0h 0x0000000c jp 00007F0760DC67A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B826 second address: E0B82C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B82C second address: E0B832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F318 second address: E0F31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F31C second address: E0F322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F322 second address: E0F333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a jnc 00007F07608300E6h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F333 second address: E0F346 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0760DC67AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F62E second address: E0F638 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F638 second address: E0F63E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F63E second address: E0F642 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0F642 second address: E0F659 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jne 00007F0760DC67A6h 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13A60 second address: E13A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13A6F second address: E13A75 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13A75 second address: E13A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13A7E second address: E13A83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13C08 second address: E13C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13C0D second address: E13C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13C13 second address: E13C27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13F20 second address: E13F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13F24 second address: E13F28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E13F28 second address: E13F2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1406E second address: E14072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E19D18 second address: E19D5B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pushad 0x00000007 je 00007F0760DC67A6h 0x0000000d jne 00007F0760DC67A6h 0x00000013 jmp 00007F0760DC67ADh 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push edx 0x0000001f pop edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007F0760DC67B4h 0x00000029 pushad 0x0000002a popad 0x0000002b pop eax 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E19D5B second address: E19D6F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F07608300E8h 0x00000008 js 00007F07608300EEh 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E18944 second address: E18948 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E18948 second address: E18956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F07608300E8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8B13 second address: DC8B19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8B19 second address: DC8B85 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jbe 00007F07608300E6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F07608300F9h 0x00000012 nop 0x00000013 mov ebx, dword ptr [ebp+1248EB03h] 0x00000019 add cx, 1271h 0x0000001e add eax, ebx 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007F07608300E8h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 0000001Bh 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a jc 00007F07608300EBh 0x00000040 and di, F167h 0x00000045 nop 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 jc 00007F07608300E6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC8B85 second address: DC8C25 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0760DC67A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F0760DC67B2h 0x00000010 jmp 00007F0760DC67B3h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 jne 00007F0760DC67AEh 0x0000001e nop 0x0000001f push 00000000h 0x00000021 push esi 0x00000022 call 00007F0760DC67A8h 0x00000027 pop esi 0x00000028 mov dword ptr [esp+04h], esi 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc esi 0x00000035 push esi 0x00000036 ret 0x00000037 pop esi 0x00000038 ret 0x00000039 push 00000004h 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007F0760DC67A8h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 0000001Ah 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 jmp 00007F0760DC67AFh 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jl 00007F0760DC67A8h 0x00000063 pushad 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E19132 second address: E19138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E19138 second address: E19145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jc 00007F0760DC67A6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E19145 second address: E1914A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F2A6 second address: E1F2C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B6h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1F426 second address: E1F42C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E1FAD3 second address: E1FAF0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0760DC67B8h 0x00000008 jmp 00007F0760DC67B0h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E20070 second address: E2009D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F07608300EEh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F07608300F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2009D second address: E200A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E203CB second address: E203CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E203CF second address: E203D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E203D8 second address: E203E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E203E0 second address: E203F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F0760DC67ABh 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E203F8 second address: E20406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E20406 second address: E2040B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2040B second address: E20422 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300F0h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E20711 second address: E2071D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E20F5E second address: E20F62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E29E8B second address: E29EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67AFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E29EA2 second address: E29EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F07608300E6h 0x0000000a jnp 00007F07608300E6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E29EB2 second address: E29EB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2A00B second address: E2A02B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F7h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2A02B second address: E2A031 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2A19D second address: E2A1CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F07608300F2h 0x00000008 jmp 00007F07608300F9h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2A1CD second address: E2A1D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2A1D5 second address: E2A1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E2A1DB second address: E2A1E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E337A2 second address: E337C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F07608300F6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E337C5 second address: E337D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0760DC67ABh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E319D8 second address: E319E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E319E1 second address: E319E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E319E7 second address: E319EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E32358 second address: E32369 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0760DC67ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E32369 second address: E3236D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E32F7E second address: E32F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E32F82 second address: E32F86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E32F86 second address: E32F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0760DC67B0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E32F9C second address: E32FB0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F07608300E8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F07608300E6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E3365A second address: E3365E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E3365E second address: E33664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E33664 second address: E33670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F0760DC67A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E33670 second address: E33674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E33674 second address: E33678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E3A836 second address: E3A853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F07608300F7h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4337F second address: E4338B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0760DC67A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4338B second address: E433A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007F07608300EFh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4C529 second address: E4C52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E4C52D second address: E4C555 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F07608300EBh 0x0000000b pop ecx 0x0000000c push eax 0x0000000d jmp 00007F07608300F2h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D74D0E second address: D74D46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0760DC67ACh 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0760DC67ABh 0x00000014 jmp 00007F0760DC67B7h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5F341 second address: E5F347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E5F347 second address: E5F34B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E66551 second address: E6659C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop esi 0x0000000a jmp 00007F07608300F3h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F07608300EDh 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F07608300F7h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6659C second address: E665AE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jns 00007F0760DC67A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E665AE second address: E665B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E665B2 second address: E665CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E65037 second address: E6503C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E652EA second address: E652F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E652F0 second address: E652FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6AEBD second address: E6AEC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0760DC67A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6AEC7 second address: E6AECC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6AECC second address: E6AEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F0760DC67B4h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F0760DC67AEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6AEF9 second address: E6AEFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6FAB5 second address: D6FAB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6AA47 second address: E6AA7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F07608300EEh 0x0000000c pop eax 0x0000000d jmp 00007F07608300EDh 0x00000012 popad 0x00000013 jc 00007F0760830106h 0x00000019 push ebx 0x0000001a jmp 00007F07608300EBh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6F1CC second address: E6F1D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E74D24 second address: E74D28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C1D4 second address: E7C1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C028 second address: E7C02E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C02E second address: E7C034 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C034 second address: E7C03F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C03F second address: E7C045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C045 second address: E7C04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7D92E second address: E7D932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7944C second address: E7945E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F07608300EEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7945E second address: E7947A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0760DC67B4h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA19C9 second address: EA19CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA1D7E second address: EA1D82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA1D82 second address: EA1DA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F07608300F5h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA1DA0 second address: EA1DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA1DA7 second address: EA1DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA2067 second address: EA206B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA206B second address: EA206F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA206F second address: EA207A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA207A second address: EA2081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA3B43 second address: EA3B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA3B4A second address: EA3B7B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F07608300E6h 0x00000009 jmp 00007F07608300F3h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F07608300EEh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA3B7B second address: EA3B8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F0760DC67A8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA3B8B second address: EA3B93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA3B93 second address: EA3B97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA64F8 second address: EA6502 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA6502 second address: EA6506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA66EF second address: EA6700 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA6700 second address: EA6704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA6704 second address: EA674B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F07608300E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jl 00007F07608300E6h 0x00000011 pop ebx 0x00000012 popad 0x00000013 nop 0x00000014 mov dx, 5024h 0x00000018 push 00000004h 0x0000001a je 00007F07608300E9h 0x00000020 movzx edx, cx 0x00000023 mov edx, dword ptr [ebp+124571B3h] 0x00000029 push 4825D2A8h 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F07608300F7h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA6942 second address: EA697E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jmp 00007F0760DC67ABh 0x0000000c push dword ptr [ebp+122D276Bh] 0x00000012 mov dword ptr [ebp+122D2A56h], edx 0x00000018 call 00007F0760DC67A9h 0x0000001d jnp 00007F0760DC67AEh 0x00000023 push eax 0x00000024 push ebx 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA697E second address: EA698E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA698E second address: EA699D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA699D second address: EA69A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA69A3 second address: EA69D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0760DC67B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e jne 00007F0760DC67ACh 0x00000014 pushad 0x00000015 jno 00007F0760DC67A6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA69D8 second address: EA69E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA69E7 second address: EA69EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: C0CAC6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E3E4DE instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C112F3 rdtsc 0_2_00C112F3
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 7596 Thread sleep time: -60000s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1345575273.0000000001654000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1347675102.0000000001654000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1347675102.0000000001618000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C112F3 rdtsc 0_2_00C112F3
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BED930 LdrInitializeThunk, 0_2_00BED930
Source: file.exe, file.exe, 00000000.00000002.1346983017.0000000000D94000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ~Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1562763 Sample: file.exe Startdate: 26/11/2024 Architecture: WINDOWS Score: 100 10 property-imper.sbs 2->10 12 occupy-blushi.sbs 2->12 14 frogs-severz.sbs 2->14 18 Suricata IDS alerts for network traffic 2->18 20 Antivirus detection for URL or domain 2->20 22 Antivirus / Scanner detection for submitted sample 2->22 24 4 other signatures 2->24 6 file.exe 2->6         started        signatures3 process4 dnsIp5 16 occupy-blushi.sbs 172.67.187.240, 443, 49703, 49705 CLOUDFLARENETUS United States 6->16 26 Detected unpacking (changes PE section rights) 6->26 28 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->28 30 Tries to evade debugger and weak emulator (self modifying code) 6->30 32 4 other signatures 6->32 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.67.187.240
 occupy-blushi.sbs United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
occupy-blushi.sbs 172.67.187.240 true
property-imper.sbs unknown unknown
frogs-severz.sbs unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://occupy-blushi.sbs/api false
    		high