Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe
Analysis ID:1627480
MD5:775d48c5ca9cec5cb17ba4990e100b80
SHA1:d51bdc3fc06fadd66fa0549c0c6924a52f980c91
SHA256:ee071cca5d50fc83f595410cd64d06f2c438424497bbafde868ee2356d8886a6
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

SystemBC
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected SystemBC
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Creates files inside the system directory
Creates job files (autostart)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • huflh.exe (PID: 5268 cmdline: C:\ProgramData\prhbpso\huflh.exe MD5: 775D48C5CA9CEC5CB17BA4990E100B80)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
SystemBCSystemBC is a proxy malware leveraging SOCKS5. Based on screenshots used in ads on a underground marketplace, Proofpoint decided to call it SystemBC.SystemBC has been observed occasionally, but more pronounced since June 2019. First samples goes back to October 2018.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.systembc

Malware Configuration

Threatname: SystemBC

{"HOST1": "towerbingobongoboom.com", "HOST2": "213.209.150.137"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000003.2201616017.0000000004774000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_SystemBCYara detected SystemBCJoe Security
    00000000.00000003.2163770369.0000000004774000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_SystemBCYara detected SystemBCJoe Security
      Process Memory Space: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe PID: 3428JoeSecurity_SystemBCYara detected SystemBCJoe Security
        Process Memory Space: huflh.exe PID: 5268JoeSecurity_SystemBCYara detected SystemBCJoe Security

          Sigma Signatures

          No Sigma rule has matched

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for URL or domain
          Source: towerbingobongoboom.comAvira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000001.00000003.2201616017.0000000004774000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SystemBC {"HOST1": "towerbingobongoboom.com", "HOST2": "213.209.150.137"}
          Multi AV Scanner detection for dropped file
          Source: C:\ProgramData\prhbpso\huflh.exeReversingLabs: Detection: 57%
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeReversingLabs: Detection: 57%
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeVirustotal: Detection: 54%Perma Link
          Joe Sandbox ML detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: towerbingobongoboom.com
          Source: Malware configuration extractorURLs: 213.209.150.137
          Source: global trafficTCP traffic: 192.168.2.6:49712 -> 213.209.150.137:4000
          Source: global trafficTCP traffic: 192.168.2.6:55626 -> 1.1.1.1:53
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: towerbingobongoboom.com
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: huflh.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://ocsp.digicert.com0
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, huflh.exe.0.drString found in binary or memory: https://winscp.net/eng/docs/installation0

          System Summary

          barindex
          PE file contains section with special chars
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name:
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name: .idata
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name:
          Source: huflh.exe.0.drStatic PE information: section name:
          Source: huflh.exe.0.drStatic PE information: section name: .idata
          Source: huflh.exe.0.drStatic PE information: section name:
          Source: C:\ProgramData\prhbpso\huflh.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeFile created: C:\Windows\Tasks\Test Task17.jobJump to behavior
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: invalid certificate
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: Section: vonkwwrp ZLIB complexity 0.9945210218078847
          Source: huflh.exe.0.drStatic PE information: Section: vonkwwrp ZLIB complexity 0.9945210218078847
          Source: classification engineClassification label: mal100.troj.evad.winEXE@2/3@1/1
          Source: C:\ProgramData\prhbpso\huflh.exeMutant created: \Sessions\1\BaseNamedObjects\Test Task17
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeReversingLabs: Detection: 57%
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeVirustotal: Detection: 54%
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeString found in binary or memory: (https://winscp.net/eng/docs/installation0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe"
          Source: unknownProcess created: C:\ProgramData\prhbpso\huflh.exe C:\ProgramData\prhbpso\huflh.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: mstask.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSection loaded: mpr.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: winmm.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: mstask.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: wsock32.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic file information: File size 1782888 > 1048576
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: Raw size of vonkwwrp is bigger than: 0x100000 < 0x1a8e00

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeUnpacked PE file: 0.2.SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vonkwwrp:EW;axkanahc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vonkwwrp:EW;axkanahc:EW;.taggant:EW;
          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: real checksum: 0x1bacf5 should be: 0x1b56b7
          Source: huflh.exe.0.drStatic PE information: real checksum: 0x1bacf5 should be: 0x1b56b7
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name:
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name: .idata
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name:
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name: vonkwwrp
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name: axkanahc
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name: .taggant
          Source: huflh.exe.0.drStatic PE information: section name:
          Source: huflh.exe.0.drStatic PE information: section name: .idata
          Source: huflh.exe.0.drStatic PE information: section name:
          Source: huflh.exe.0.drStatic PE information: section name: vonkwwrp
          Source: huflh.exe.0.drStatic PE information: section name: axkanahc
          Source: huflh.exe.0.drStatic PE information: section name: .taggant
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name: entropy: 7.810542589941846
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeStatic PE information: section name: vonkwwrp entropy: 7.951882985850609
          Source: huflh.exe.0.drStatic PE information: section name: entropy: 7.810542589941846
          Source: huflh.exe.0.drStatic PE information: section name: vonkwwrp entropy: 7.951882985850609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeFile created: C:\ProgramData\prhbpso\huflh.exeJump to dropped file
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeFile created: C:\ProgramData\prhbpso\huflh.exeJump to dropped file

          Boot Survival

          barindex
          Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: FilemonclassJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeFile created: C:\Windows\Tasks\Test Task17.jobJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect sandboxes / dynamic malware analysis system (registry check)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 40BCF0 second address: 40BCF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 40BCF5 second address: 40BCFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 58DB92 second address: 58DB9C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F565CC82DF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 58DB9C second address: 58DBB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F565CCCA032h 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 58DBB4 second address: 58DBD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E08h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 58DE46 second address: 58DE75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F565CCCA038h 0x0000000b jmp 00007F565CCCA02Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 58DE75 second address: 58DE7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 590F62 second address: 590F6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F565CCCA026h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 590F6C second address: 590F94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E03h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F565CC82DFBh 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 590F94 second address: 590F99 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 590FE7 second address: 591006 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F565CC82DFCh 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 591006 second address: 591010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F565CCCA026h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5910CE second address: 5910DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 jc 00007F565CC82E04h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5910DF second address: 5910E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5910E3 second address: 591135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edi 0x0000000b jmp 00007F565CC82E07h 0x00000010 pop edi 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007F565CC82E06h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c pushad 0x0000001d jmp 00007F565CC82DFEh 0x00000022 push eax 0x00000023 push edx 0x00000024 push esi 0x00000025 pop esi 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 591135 second address: 59118D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F565CCCA028h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 pushad 0x00000023 add dx, 0A5Ah 0x00000028 mov dword ptr [ebp+122D1A9Ch], ecx 0x0000002e popad 0x0000002f lea ebx, dword ptr [ebp+12458E61h] 0x00000035 mov cx, EBF0h 0x00000039 mov dword ptr [ebp+122D1A9Ch], ebx 0x0000003f push eax 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F565CCCA033h 0x00000048 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 591278 second address: 59127C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 59127C second address: 5912FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 xor dword ptr [esp], 55386B14h 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F565CCCA028h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 or ecx, dword ptr [ebp+122D1A21h] 0x0000002e push 00000003h 0x00000030 mov cx, ax 0x00000033 push 00000000h 0x00000035 mov ecx, 03B80F00h 0x0000003a push 00000003h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007F565CCCA028h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 00000019h 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 mov ecx, dword ptr [ebp+122D38A8h] 0x0000005c push eax 0x0000005d mov edi, dword ptr [ebp+122D1F0Eh] 0x00000063 pop ecx 0x00000064 push 99CF73A9h 0x00000069 pushad 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F565CCCA02Ah 0x00000071 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5913D4 second address: 5913D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5913D8 second address: 5913DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5913DC second address: 591474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov si, 196Ch 0x0000000e push 00000000h 0x00000010 sub dword ptr [ebp+122D320Bh], edi 0x00000016 push 310BAE04h 0x0000001b jg 00007F565CC82E08h 0x00000021 jmp 00007F565CC82E02h 0x00000026 xor dword ptr [esp], 310BAE84h 0x0000002d call 00007F565CC82E07h 0x00000032 mov cl, CCh 0x00000034 pop esi 0x00000035 push 00000003h 0x00000037 push 00000000h 0x00000039 jmp 00007F565CC82DFFh 0x0000003e push 00000003h 0x00000040 mov edx, 618F6CE6h 0x00000045 call 00007F565CC82DF9h 0x0000004a push esi 0x0000004b jbe 00007F565CC82DF8h 0x00000051 push ecx 0x00000052 pop ecx 0x00000053 pop esi 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 push ebx 0x00000058 jmp 00007F565CC82E02h 0x0000005d pop ebx 0x0000005e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 591474 second address: 5914B6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push ecx 0x0000000d jg 00007F565CCCA02Ch 0x00000013 pop ecx 0x00000014 mov eax, dword ptr [eax] 0x00000016 jnc 00007F565CCCA02Eh 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F565CCCA032h 0x00000027 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5914B6 second address: 5914C0 instructions: 0x00000000 rdtsc 0x00000002 je 00007F565CC82DFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5A2E5E second address: 5A2E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5A2E63 second address: 5A2E69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 577D39 second address: 577D58 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F565CCCA038h 0x00000008 pop ecx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5AF86E second address: 5AF874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5AF874 second address: 5AF88B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jne 00007F565CCCA026h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5AF88B second address: 5AF88F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5AF88F second address: 5AF89B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5AFDB8 second address: 5AFDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5AFF39 second address: 5AFF3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B008B second address: 5B008F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B008F second address: 5B0093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B0477 second address: 5B0483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F565CC82DFCh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B0E10 second address: 5B0E14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B0E14 second address: 5B0E39 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F565CC82DFAh 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F565CC82E01h 0x00000013 jbe 00007F565CC82DF6h 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B1102 second address: 5B1107 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B4740 second address: 5B478C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F565CC82E09h 0x00000013 mov eax, dword ptr [eax] 0x00000015 push eax 0x00000016 jg 00007F565CC82DF8h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jmp 00007F565CC82DFAh 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B478C second address: 5B4791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B36DC second address: 5B36E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5B49DF second address: 5B49F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 580215 second address: 58021B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BD3DA second address: 5BD3E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA02Bh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BD3E9 second address: 5BD3ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BD541 second address: 5BD56C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F565CCCA026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e jmp 00007F565CCCA034h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push edi 0x0000001a pop edi 0x0000001b pop edx 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BD6DF second address: 5BD6E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F565CC82DF6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BD6E9 second address: 5BD70C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F565CCCA038h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BD70C second address: 5BD734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b jg 00007F565CC82DF6h 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F565CC82E02h 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BD734 second address: 5BD754 instructions: 0x00000000 rdtsc 0x00000002 js 00007F565CCCA026h 0x00000008 jmp 00007F565CCCA036h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BDA56 second address: 5BDA92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CC82E03h 0x00000009 jmp 00007F565CC82DFFh 0x0000000e popad 0x0000000f jnc 00007F565CC82E09h 0x00000015 jmp 00007F565CC82DFDh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BDA92 second address: 5BDAA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA02Eh 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BDBD4 second address: 5BDBD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BDD43 second address: 5BDD47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE703 second address: 5BE70B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE847 second address: 5BE84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE84B second address: 5BE84F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE84F second address: 5BE855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE855 second address: 5BE86C instructions: 0x00000000 rdtsc 0x00000002 je 00007F565CC82DFCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE86C second address: 5BE870 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE870 second address: 5BE876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE876 second address: 5BE87C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BE994 second address: 5BE998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BEB42 second address: 5BEB68 instructions: 0x00000000 rdtsc 0x00000002 je 00007F565CCCA028h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F565CCCA037h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5BF721 second address: 5BF725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 583716 second address: 583762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 ja 00007F565CCCA026h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnc 00007F565CCCA032h 0x00000012 popad 0x00000013 pushad 0x00000014 jmp 00007F565CCCA039h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F565CCCA031h 0x00000020 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C1B7E second address: 5C1B82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C1B82 second address: 5C1B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C2C10 second address: 5C2C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CC82E09h 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jl 00007F565CC82E07h 0x00000013 js 00007F565CC82E01h 0x00000019 call 00007F565CC82DFAh 0x0000001e pop esi 0x0000001f push 00000000h 0x00000021 movsx esi, cx 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F565CC82DF8h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 0000001Dh 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 adc si, A35Fh 0x00000045 xchg eax, ebx 0x00000046 push ebx 0x00000047 jns 00007F565CC82DF8h 0x0000004d pushad 0x0000004e popad 0x0000004f pop ebx 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F565CC82DFEh 0x00000058 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C5BE7 second address: 5C5BF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA02Bh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C5BF6 second address: 5C5BFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C5BFA second address: 5C5C20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F565CCCA040h 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C5C20 second address: 5C5C2A instructions: 0x00000000 rdtsc 0x00000002 js 00007F565CC82E02h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C5C2A second address: 5C5C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 57E759 second address: 57E774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jmp 00007F565CC82E01h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C6277 second address: 5C627B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C6D13 second address: 5C6D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C7997 second address: 5C799C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C799C second address: 5C79A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C3E1E second address: 5C3E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C3E22 second address: 5C3E28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C79A9 second address: 5C79B6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F565CCCA026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C3E28 second address: 5C3E32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F565CC82DF6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C79B6 second address: 5C79BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5CBDFB second address: 5CBE81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F565CC82DF8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+1246A083h] 0x0000002b push 00000000h 0x0000002d add dword ptr [ebp+122D1E09h], edi 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007F565CC82DF8h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 jmp 00007F565CC82DFCh 0x00000058 push ecx 0x00000059 pop ecx 0x0000005a popad 0x0000005b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5CDF80 second address: 5CDFF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 call 00007F565CCCA036h 0x0000000e pop ebx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F565CCCA028h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b add dword ptr [ebp+1246A048h], ebx 0x00000031 push 00000000h 0x00000033 mov edi, 3D893900h 0x00000038 and ebx, 54301FCEh 0x0000003e xchg eax, esi 0x0000003f js 00007F565CCCA02Ah 0x00000045 push edx 0x00000046 push eax 0x00000047 pop eax 0x00000048 pop edx 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F565CCCA02Eh 0x00000051 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C48FE second address: 5C4902 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C4902 second address: 5C490C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C817B second address: 5C8184 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5DA4CA second address: 5DA4CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5DA4CE second address: 5DA4D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5DB604 second address: 5DB608 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5DB608 second address: 5DB657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a add ebx, 03308B9Eh 0x00000010 push 00000000h 0x00000012 pushad 0x00000013 mov edx, eax 0x00000015 sbb edx, 21F48DABh 0x0000001b popad 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edi 0x00000021 call 00007F565CC82DF8h 0x00000026 pop edi 0x00000027 mov dword ptr [esp+04h], edi 0x0000002b add dword ptr [esp+04h], 0000001Ch 0x00000033 inc edi 0x00000034 push edi 0x00000035 ret 0x00000036 pop edi 0x00000037 ret 0x00000038 mov edi, dword ptr [ebp+122D38A8h] 0x0000003e xchg eax, esi 0x0000003f push edi 0x00000040 pushad 0x00000041 pushad 0x00000042 popad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5CD13A second address: 5CD155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CCCA037h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5CF168 second address: 5CF16C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D0F5E second address: 5D0F64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D2F64 second address: 5D2F6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F565CC82DF6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D0F64 second address: 5D0F6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F565CCCA026h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D0F6E second address: 5D0F72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D559E second address: 5D55A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D6632 second address: 5D6636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D6636 second address: 5D663B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D663B second address: 5D6649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D76D3 second address: 5D76DD instructions: 0x00000000 rdtsc 0x00000002 jp 00007F565CCCA026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D76DD second address: 5D770A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jmp 00007F565CC82E04h 0x00000012 pop eax 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D770A second address: 5D7710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D7710 second address: 5D7714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D851D second address: 5D8530 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F565CCCA02Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D8530 second address: 5D8534 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D85D2 second address: 5D85D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D85D7 second address: 5D85DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D95D8 second address: 5D95DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5D95DC second address: 5D95E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5DA778 second address: 5DA782 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F565CCCA026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5DB7CA second address: 5DB7CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5DB7CE second address: 5DB872 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F565CCCA026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 mov di, si 0x00000015 push dword ptr fs:[00000000h] 0x0000001c or dword ptr [ebp+122D1AA8h], edx 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007F565CCCA028h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 cld 0x00000044 mov eax, dword ptr [ebp+122D0E5Dh] 0x0000004a push 00000000h 0x0000004c push edx 0x0000004d call 00007F565CCCA028h 0x00000052 pop edx 0x00000053 mov dword ptr [esp+04h], edx 0x00000057 add dword ptr [esp+04h], 00000018h 0x0000005f inc edx 0x00000060 push edx 0x00000061 ret 0x00000062 pop edx 0x00000063 ret 0x00000064 add dword ptr [ebp+122D2126h], ebx 0x0000006a push FFFFFFFFh 0x0000006c jmp 00007F565CCCA035h 0x00000071 push eax 0x00000072 pushad 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007F565CCCA032h 0x0000007a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E1576 second address: 5E1589 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565CC82DFEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E800A second address: 5E8036 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA035h 0x00000007 jmp 00007F565CCCA033h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E8036 second address: 5E8043 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F565CC82DF6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E8043 second address: 5E8049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E8049 second address: 5E806D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F565CC82E02h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E7738 second address: 5E774C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA030h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E774C second address: 5E775B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82DFBh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E775B second address: 5E7767 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5E78E7 second address: 5E78FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jnc 00007F565CC82DF6h 0x0000000e popad 0x0000000f push ecx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5EC86C second address: 5EC88A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F565CCCA028h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5ECB1B second address: 5ECB20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 57CC42 second address: 57CC4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F565CCCA026h 0x0000000a pop edi 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 57CC4D second address: 57CC53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 57CC53 second address: 57CC71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA032h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F565CCCA026h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 57CC71 second address: 57CC75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F1A7D second address: 5F1A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F1A81 second address: 5F1A85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F1A85 second address: 5F1A9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b jg 00007F565CCCA026h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F1A9B second address: 5F1AA5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F565CC82DF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F206C second address: 5F2089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA034h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F2089 second address: 5F2093 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F565CC82DF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F21BE second address: 5F21EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 js 00007F565CCCA036h 0x0000000d jne 00007F565CCCA026h 0x00000013 jmp 00007F565CCCA02Ah 0x00000018 je 00007F565CCCA02Ah 0x0000001e popad 0x0000001f push ebx 0x00000020 jnp 00007F565CCCA02Eh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F2B82 second address: 5F2B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F2B88 second address: 5F2BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F565CCCA031h 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F2BA2 second address: 5F2BCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E08h 0x00000007 jmp 00007F565CC82DFEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F2BCF second address: 5F2BD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F75AC second address: 5F75CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F565CC82E04h 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e je 00007F565CC82DF6h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C8C21 second address: 5C8C5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F565CCCA035h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C8F42 second address: 5C8F48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C8F48 second address: 5C8F4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C8F4E second address: 5C8F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C91A2 second address: 5C91C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 jmp 00007F565CCCA034h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C936B second address: 5C936F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C936F second address: 5C9380 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9380 second address: 5C9384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C95C2 second address: 5C95C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C95C6 second address: 5C95CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9A22 second address: 5C9A27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9A27 second address: 5C9A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F565CC82E01h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9A46 second address: 5C9A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F565CCCA039h 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9E0D second address: 5C9E1E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F565CC82DF6h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9E1E second address: 5C9E24 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F6AC7 second address: 5F6ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5F6ACD second address: 5F6AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FD1ED second address: 5FD1FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F565CC82DF6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FBEE3 second address: 5FBEF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC082 second address: 5FC09D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82E07h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC09D second address: 5FC0AD instructions: 0x00000000 rdtsc 0x00000002 jp 00007F565CCCA026h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC1FF second address: 5FC209 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F565CC82DF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC209 second address: 5FC20F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC20F second address: 5FC215 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC36A second address: 5FC36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC4A3 second address: 5FC4AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC4AE second address: 5FC4BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F565CCCA026h 0x0000000a jnc 00007F565CCCA026h 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC642 second address: 5FC66C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F565CC82DF6h 0x0000000a popad 0x0000000b jnl 00007F565CC82E0Fh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FC66C second address: 5FC68A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565CCCA02Ah 0x00000008 pushad 0x00000009 popad 0x0000000a jo 00007F565CCCA026h 0x00000010 popad 0x00000011 jo 00007F565CCCA02Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FCBEC second address: 5FCBF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5FCBF2 second address: 5FCC0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA036h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 609C45 second address: 609C57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CC82DFEh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 609C57 second address: 609C89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA034h 0x00000007 jl 00007F565CCCA026h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F565CCCA032h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 608A4D second address: 608A5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82DFBh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 608A5C second address: 608A60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 608C1A second address: 608C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 608F62 second address: 608F67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 608F67 second address: 608F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 609379 second address: 60937E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60937E second address: 6093B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F565CC82DFCh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F565CC82E08h 0x00000012 jp 00007F565CC82DF6h 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60969A second address: 60969F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60969F second address: 6096C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E04h 0x00000007 push edx 0x00000008 jmp 00007F565CC82DFBh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 609939 second address: 60996F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F565CCCA02Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d jp 00007F565CCCA026h 0x00000013 jmp 00007F565CCCA02Dh 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push ebx 0x0000001e jmp 00007F565CCCA02Bh 0x00000023 pushad 0x00000024 push edx 0x00000025 pop edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60FFA0 second address: 60FFB0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jbe 00007F565CC82DF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60FFB0 second address: 60FFB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60FFB4 second address: 60FFBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60FA1D second address: 60FA23 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60FB77 second address: 60FB7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 60FB7B second address: 60FB9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007F565CCCA038h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 616B04 second address: 616B23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F565CC82E02h 0x0000000a jl 00007F565CC82DF6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6156D6 second address: 6156DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6156DA second address: 6156E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F565CC82DF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6156E6 second address: 6156F5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 js 00007F565CCCA026h 0x0000000b pop edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9831 second address: 5C9835 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9835 second address: 5C9854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jc 00007F565CCCA041h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F565CCCA02Fh 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9854 second address: 5C9858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9858 second address: 5C9899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edx, dword ptr [ebp+122D2E47h] 0x0000000d push 00000004h 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F565CCCA028h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov ecx, dword ptr [ebp+122D1F59h] 0x0000002f cld 0x00000030 nop 0x00000031 pushad 0x00000032 jp 00007F565CCCA028h 0x00000038 pushad 0x00000039 popad 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 5C9899 second address: 5C989D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 615C83 second address: 615C8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 615C8A second address: 615CC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CC82E03h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F565CC82E08h 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 615CC2 second address: 615CC8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6167EF second address: 616801 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop ebx 0x00000008 jnp 00007F565CC82DFEh 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61AC64 second address: 61AC71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61AC71 second address: 61AC7D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61AC7D second address: 61AC83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61AF2A second address: 61AF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jns 00007F565CC82DF6h 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61AF38 second address: 61AF3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61B099 second address: 61B09D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61B09D second address: 61B0A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61E538 second address: 61E543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61E543 second address: 61E547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61E547 second address: 61E54B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 61E54B second address: 61E566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F565CCCA030h 0x0000000b popad 0x0000000c push ecx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 625D7E second address: 625D90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFCh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623F55 second address: 623F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623F5B second address: 623F86 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F565CC82DF6h 0x00000008 jmp 00007F565CC82E02h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F565CC82DFBh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623F86 second address: 623F8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623F8A second address: 623F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623F90 second address: 623F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623F9C second address: 623FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623FA0 second address: 623FA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 623FA4 second address: 623FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F565CC82E07h 0x0000000c push ebx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62475F second address: 62476E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007F565CCCA026h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 624C43 second address: 624C47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 624C47 second address: 624C83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA034h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F565CCCA026h 0x00000012 jne 00007F565CCCA026h 0x00000018 jmp 00007F565CCCA034h 0x0000001d popad 0x0000001e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 624C83 second address: 624C8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F565CC82DF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6257F9 second address: 6257FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6257FF second address: 625805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 625805 second address: 62580A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62580A second address: 625849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E02h 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ecx 0x00000012 jmp 00007F565CC82DFCh 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F565CC82E00h 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 625849 second address: 62584D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 629EFD second address: 629F02 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62A049 second address: 62A055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F565CCCA026h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62A055 second address: 62A06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F565CC82DFEh 0x0000000d push edi 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop edi 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62A58C second address: 62A5C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F565CCCA028h 0x00000012 jmp 00007F565CCCA038h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62A5C2 second address: 62A5C7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62A787 second address: 62A79C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 ja 00007F565CCCA026h 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jbe 00007F565CCCA026h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62A942 second address: 62A94E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F565CC82DF6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 62AA74 second address: 62AA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 639066 second address: 639089 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F565CC82DF8h 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 639089 second address: 639091 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 639091 second address: 639095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637623 second address: 63764D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F565CCCA02Bh 0x0000000f jmp 00007F565CCCA032h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637795 second address: 6377A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a js 00007F565CC82DF6h 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6377A6 second address: 6377C7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F565CCCA035h 0x00000008 pop ecx 0x00000009 jnc 00007F565CCCA02Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6377C7 second address: 6377DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F565CC82DFAh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6377DC second address: 6377E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6377E0 second address: 6377EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6377EC second address: 6377F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6377F0 second address: 637832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CC82E06h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F565CC82E04h 0x00000013 jng 00007F565CC82DF6h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c je 00007F565CC82DF6h 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637832 second address: 637838 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637969 second address: 63796D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 63796D second address: 637977 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F565CCCA026h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637ADE second address: 637B0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007F565CC82DF6h 0x0000000d pushad 0x0000000e popad 0x0000000f je 00007F565CC82DF6h 0x00000015 jmp 00007F565CC82E02h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637B0E second address: 637B12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637B12 second address: 637B20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F565CC82DF8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 637B20 second address: 637B36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CCCA030h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6405C9 second address: 6405CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6405CD second address: 6405DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F565CCCA02Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6401A0 second address: 6401AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F565CC82DF6h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6401AE second address: 6401B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 64DF1F second address: 64DF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F565CC82DFCh 0x0000000c jne 00007F565CC82DF6h 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 653CDF second address: 653CE4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 657A56 second address: 657A6A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnl 00007F565CC82DF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F565CC82DF6h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 657A6A second address: 657A6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 657905 second address: 657920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F565CC82E03h 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 65CEEE second address: 65CEF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 660F5C second address: 660F63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 667AE3 second address: 667AF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA02Eh 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 667AF6 second address: 667B01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 671B01 second address: 671B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 671B07 second address: 671B1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F565CC82DFEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 671B1B second address: 671B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 671D8A second address: 671D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 672A19 second address: 672A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 672A1F second address: 672A29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 672A29 second address: 672A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 676604 second address: 67661C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E04h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 67A5A0 second address: 67A5A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 67A5A4 second address: 67A5AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 67A5AA second address: 67A5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 67A5B0 second address: 67A5B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 67A5B6 second address: 67A5C8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F565CCCA026h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6901E7 second address: 6901EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6901EB second address: 6901EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69039D second address: 6903A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F565CC82DF6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6903A7 second address: 6903B3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F565CCCA026h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6903B3 second address: 6903BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F565CC82DF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 697349 second address: 69734F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69734F second address: 69735B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F565CC82DF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69735B second address: 69736E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c ja 00007F565CCCA026h 0x00000012 popad 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69736E second address: 69737A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F565CC82DF6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69737A second address: 69739F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F565CCCA02Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007F565CCCA03Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69739F second address: 6973A9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F565CC82DF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 696421 second address: 69643B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F565CCCA035h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6966F2 second address: 6966F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 6966F8 second address: 696704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 696704 second address: 69671D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F565CC82DF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F565CC82DFCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 696B37 second address: 696B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 696DE1 second address: 696DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007F565CC82DF6h 0x0000000c popad 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 696DEE second address: 696DF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 696DF4 second address: 696DF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 696DF8 second address: 696DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69A1FC second address: 69A202 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69A27E second address: 69A29F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jmp 00007F565CCCA02Fh 0x0000000c popad 0x0000000d push eax 0x0000000e jp 00007F565CCCA02Eh 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69A29F second address: 69A2EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 nop 0x00000006 mov edx, dword ptr [ebp+122D1E02h] 0x0000000c add dx, 0153h 0x00000011 push 00000004h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F565CC82DF8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d jng 00007F565CC82DFCh 0x00000033 mov edx, dword ptr [ebp+122D1FD0h] 0x00000039 push 2E288CA5h 0x0000003e push eax 0x0000003f push edx 0x00000040 jnl 00007F565CC82DF8h 0x00000046 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69A2EA second address: 69A2F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69B7DF second address: 69B7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69D772 second address: 69D776 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69D776 second address: 69D77C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69F462 second address: 69F476 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F565CCCA026h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007F565CCCA026h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69F476 second address: 69F480 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F565CC82DF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 69F480 second address: 69F486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 402CE0 second address: 402CE0 instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 mov ebp, esp 0x00000005 push ebx 0x00000006 push edi 0x00000007 push esi 0x00000008 imul eax, eax, 001E7319h 0x0000000e add eax, 3CFB5543h 0x00000013 rcr eax, 10h 0x00000016 add eax, esi 0x00000018 imul eax, edi 0x0000001b xor edx, edx 0x0000001d mul dword ptr [ebp+08h] 0x00000020 mov eax, edx 0x00000022 pop esi 0x00000023 pop edi 0x00000024 pop ebx 0x00000025 leave 0x00000026 retn 0004h 0x00000029 lea eax, dword ptr [eax+00000300h] 0x0000002f push eax 0x00000030 push 00405BFCh 0x00000035 call 00007F565CC847C5h 0x0000003a push ebp 0x0000003b mov ebp, esp 0x0000003d push ebx 0x0000003e push edi 0x0000003f push esi 0x00000040 mov edi, dword ptr [ebp+08h] 0x00000043 push 000000FFh 0x00000048 call 00007F565CC830CEh 0x0000004d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49308C4 second address: 49308DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dx, CBB6h 0x00000011 mov cl, dl 0x00000013 popad 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49308DE second address: 49308E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49308E4 second address: 49308E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49307FC second address: 493080C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82DFCh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 493080C second address: 49104AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F565CCCA02Dh 0x00000010 or esi, 2A2E0F86h 0x00000016 jmp 00007F565CCCA031h 0x0000001b popfd 0x0000001c popad 0x0000001d jmp dword ptr [762911CCh] 0x00000023 mov edi, edi 0x00000025 push ebp 0x00000026 mov ebp, esp 0x00000028 mov eax, dword ptr [ebp+08h] 0x0000002b sub esp, 1Ch 0x0000002e test eax, eax 0x00000030 je 00007F565CCCA0BEh 0x00000036 mov eax, dword ptr fs:[00000030h] 0x0000003c mov eax, dword ptr [eax+08h] 0x0000003f mov esp, ebp 0x00000041 pop ebp 0x00000042 retn 0004h 0x00000045 mov dword ptr [ebp-04h], eax 0x00000048 mov dword ptr [ebp-48h], 00000000h 0x0000004f mov eax, dword ptr [ebp+08h] 0x00000052 mov dword ptr [ebp-44h], eax 0x00000055 mov dword ptr [ebp-40h], 00000000h 0x0000005c mov dword ptr [ebp-3Ch], 00000000h 0x00000063 mov eax, dword ptr [ebp-04h] 0x00000066 mov dword ptr [ebp-38h], eax 0x00000069 mov dword ptr [ebp-28h], 00000000h 0x00000070 lea eax, dword ptr [ebp-0000024Ch] 0x00000076 mov dword ptr [ebp-24h], eax 0x00000079 push 00007F04h 0x0000007e push 00000000h 0x00000080 call 00007F565CCCBBE7h 0x00000085 jmp 00007F56611D7388h 0x0000008a mov edi, edi 0x0000008c pushad 0x0000008d mov al, 87h 0x0000008f call 00007F565CCCA033h 0x00000094 push eax 0x00000095 push edx 0x00000096 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49104AC second address: 49104C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F565CC82E01h 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49104C6 second address: 49104D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CCCA02Ch 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49105BA second address: 4910632 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b jmp 00007F565CC82E04h 0x00000010 mov di, cx 0x00000013 popad 0x00000014 sub edi, edi 0x00000016 jmp 00007F565CC82DFDh 0x0000001b test dword ptr [ebp+0Ch], FFFF0000h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F565CC82E03h 0x0000002b and si, 2BFEh 0x00000030 jmp 00007F565CC82E09h 0x00000035 popfd 0x00000036 mov bl, cl 0x00000038 popad 0x00000039 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910632 second address: 491064F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CCCA039h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491064F second address: 49106FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F56CECD1F03h 0x00000011 jmp 00007F565CC82DFEh 0x00000016 mov edx, dword ptr [ebp+0Ch] 0x00000019 jmp 00007F565CC82E00h 0x0000001e mov ecx, dword ptr [ebp+08h] 0x00000021 jmp 00007F565CC82E00h 0x00000026 call 00007F565CC82DF9h 0x0000002b jmp 00007F565CC82E00h 0x00000030 push eax 0x00000031 pushad 0x00000032 push ebx 0x00000033 pushfd 0x00000034 jmp 00007F565CC82DFCh 0x00000039 jmp 00007F565CC82E05h 0x0000003e popfd 0x0000003f pop eax 0x00000040 jmp 00007F565CC82E01h 0x00000045 popad 0x00000046 mov eax, dword ptr [esp+04h] 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d mov dh, D7h 0x0000004f popad 0x00000050 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49107C2 second address: 49107C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49107FD second address: 491080C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491080C second address: 4910847 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a jmp 00007F565CCCA02Eh 0x0000000f leave 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F565CCCA02Ah 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910847 second address: 491084D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491084D second address: 491085E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CCCA02Dh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491085E second address: 4910871 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0008h 0x0000000b mov dword ptr [ebp-34h], eax 0x0000000e push 00007F01h 0x00000013 push 00000000h 0x00000015 call 00007F565CC849A2h 0x0000001a jmp 00007F5661190535h 0x0000001f mov edi, edi 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910871 second address: 4910877 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910877 second address: 491088D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F565CC82DFBh 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491088D second address: 4910893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910893 second address: 4910897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910897 second address: 491089B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491089B second address: 49108AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov si, di 0x0000000f mov si, di 0x00000012 popad 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49108AE second address: 49108D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA030h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F565CCCA02Ah 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49108D1 second address: 49108E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49108E0 second address: 4910944 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushad 0x0000000d mov edi, eax 0x0000000f jmp 00007F565CCCA036h 0x00000014 popad 0x00000015 pushfd 0x00000016 jmp 00007F565CCCA032h 0x0000001b sbb al, FFFFFFA8h 0x0000001e jmp 00007F565CCCA02Bh 0x00000023 popfd 0x00000024 popad 0x00000025 xchg eax, ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910944 second address: 4910948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910948 second address: 491094E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491094E second address: 491096D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F565CC82DFEh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491096D second address: 4910973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910973 second address: 4910977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910977 second address: 491097B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491097B second address: 49109E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 pushad 0x0000000a mov bl, E7h 0x0000000c mov eax, 1A130767h 0x00000011 popad 0x00000012 xchg eax, edi 0x00000013 pushad 0x00000014 movzx ecx, di 0x00000017 pushfd 0x00000018 jmp 00007F565CC82E05h 0x0000001d xor cx, 2886h 0x00000022 jmp 00007F565CC82E01h 0x00000027 popfd 0x00000028 popad 0x00000029 push eax 0x0000002a pushad 0x0000002b mov ebx, 68DC98C2h 0x00000030 mov ecx, edx 0x00000032 popad 0x00000033 xchg eax, edi 0x00000034 pushad 0x00000035 mov edx, 573061E6h 0x0000003a mov bx, B672h 0x0000003e popad 0x0000003f mov edi, 00000000h 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 mov ah, bh 0x00000049 push esi 0x0000004a pop edi 0x0000004b popad 0x0000004c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49109E3 second address: 4910A11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 mov esi, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test dword ptr [ebp+0Ch], FFFF0000h 0x00000011 jmp 00007F565CCCA02Dh 0x00000016 jne 00007F56CED20245h 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov di, E9CEh 0x00000023 push edx 0x00000024 pop eax 0x00000025 popad 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910A11 second address: 4910A17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910A17 second address: 4910A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910A1B second address: 4910A1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910A1F second address: 4910A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F565CCCA035h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910A41 second address: 4910AA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ecx, dword ptr [ebp+08h] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F565CC82E05h 0x00000014 jmp 00007F565CC82DFBh 0x00000019 popfd 0x0000001a jmp 00007F565CC82E08h 0x0000001f popad 0x00000020 push 0BFAACEBh 0x00000025 pushad 0x00000026 movsx edx, cx 0x00000029 movzx ecx, di 0x0000002c popad 0x0000002d xor dword ptr [esp], 0BFA2CABh 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910AA3 second address: 4910AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F565CCCA02Ah 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910AB2 second address: 4910B1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007F565CC82E06h 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 mov ax, di 0x00000015 jmp 00007F565CC82E03h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushfd 0x0000001e jmp 00007F565CC82E06h 0x00000023 and si, 8958h 0x00000028 jmp 00007F565CC82DFBh 0x0000002d popfd 0x0000002e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910B1C second address: 4910BA9 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 44451E0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, edi 0x0000000b pushad 0x0000000c mov edi, eax 0x0000000e movzx esi, dx 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 mov si, 2591h 0x00000018 pushfd 0x00000019 jmp 00007F565CCCA02Eh 0x0000001e and al, FFFFFFE8h 0x00000021 jmp 00007F565CCCA02Bh 0x00000026 popfd 0x00000027 popad 0x00000028 mov dword ptr [esp], edi 0x0000002b pushad 0x0000002c movzx esi, di 0x0000002f call 00007F565CCCA031h 0x00000034 mov cx, 4BC7h 0x00000038 pop ecx 0x00000039 popad 0x0000003a push 00000001h 0x0000003c pushad 0x0000003d pushfd 0x0000003e jmp 00007F565CCCA039h 0x00000043 sbb si, B266h 0x00000048 jmp 00007F565CCCA031h 0x0000004d popfd 0x0000004e push eax 0x0000004f push edx 0x00000050 mov al, 94h 0x00000052 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491005A second address: 4910060 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910060 second address: 49100A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 5ED3h 0x00000007 jmp 00007F565CCCA038h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov ebp, esp 0x00000011 jmp 00007F565CCCA030h 0x00000016 and esp, FFFFFFF8h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F565CCCA02Ah 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49100A5 second address: 49100A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49100A9 second address: 49100AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910242 second address: 4910246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910246 second address: 4910263 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA039h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910263 second address: 4910289 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rep movsd 0x0000000b rep movsd 0x0000000d rep movsd 0x0000000f rep movsd 0x00000011 rep movsd 0x00000013 rep movsd 0x00000015 rep movsd 0x00000017 rep movsd 0x00000019 rep movsd 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F565CC82DFDh 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910289 second address: 49102D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [esp+38h], 00000000h 0x0000000e pushad 0x0000000f mov edx, ecx 0x00000011 call 00007F565CCCA038h 0x00000016 pushad 0x00000017 popad 0x00000018 pop ecx 0x00000019 popad 0x0000001a lea ecx, dword ptr [esp+0Ch] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F565CCCA02Ah 0x00000025 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49102D2 second address: 491030F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F565CC82DF9h 0x0000000e pushad 0x0000000f mov bh, al 0x00000011 mov eax, edi 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F565CC82DFAh 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F565CC82DFEh 0x00000025 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491030F second address: 4910397 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 2894h 0x00000007 mov dl, 3Ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F565CCCA02Fh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 mov bx, A63Ah 0x0000001c pushfd 0x0000001d jmp 00007F565CCCA02Bh 0x00000022 sbb si, 75DEh 0x00000027 jmp 00007F565CCCA039h 0x0000002c popfd 0x0000002d popad 0x0000002e pop eax 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov ecx, ebx 0x00000034 pushfd 0x00000035 jmp 00007F565CCCA02Fh 0x0000003a sub ax, EFEEh 0x0000003f jmp 00007F565CCCA039h 0x00000044 popfd 0x00000045 popad 0x00000046 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910397 second address: 491039D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 491039D second address: 49103A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49103A1 second address: 49103A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930040 second address: 4930044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930044 second address: 4930048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930048 second address: 493004E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 493004E second address: 49300CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov bh, 4Bh 0x0000000d mov ah, 9Eh 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 jmp 00007F565CC82E05h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F565CC82DFEh 0x0000001d sub eax, eax 0x0000001f jmp 00007F565CC82E01h 0x00000024 mov edx, dword ptr [ebp+0Ch] 0x00000027 jmp 00007F565CC82DFEh 0x0000002c nop 0x0000002d jmp 00007F565CC82E00h 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49300CD second address: 49300D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49300D1 second address: 49300ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49300ED second address: 49300F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49300F3 second address: 49300F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49300F7 second address: 49300FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49300FB second address: 4930108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930108 second address: 4930142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edi, 606C86E6h 0x00000009 popad 0x0000000a jmp 00007F565CCCA037h 0x0000000f popad 0x00000010 nop 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F565CCCA035h 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930142 second address: 4930187 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F565CC82E01h 0x0000000f nop 0x00000010 jmp 00007F565CC82DFEh 0x00000015 call 00007F565CC82DF9h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930187 second address: 493018B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 493018B second address: 49301A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49301A8 second address: 4930213 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F565CCCA031h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007F565CCCA031h 0x00000018 mov eax, dword ptr [eax] 0x0000001a jmp 00007F565CCCA031h 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 jmp 00007F565CCCA031h 0x00000028 pop eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930213 second address: 4930217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930217 second address: 493021B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 493021B second address: 4930221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930221 second address: 493024C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA032h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F565CCCA02Dh 0x00000012 mov di, ax 0x00000015 popad 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 493024C second address: 4930263 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 mov cx, 8F3Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov edx, ecx 0x00000013 mov bx, ax 0x00000016 popad 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930263 second address: 4930269 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930269 second address: 4930284 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov esi, edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930284 second address: 4930289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930289 second address: 49302F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+34h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F565CC82DFEh 0x00000013 or ax, 4A48h 0x00000018 jmp 00007F565CC82DFBh 0x0000001d popfd 0x0000001e jmp 00007F565CC82E08h 0x00000023 popad 0x00000024 mov ecx, dword ptr [ebp+08h] 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F565CC82E07h 0x0000002e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49302F8 second address: 4930388 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565CCCA02Fh 0x00000008 pushfd 0x00000009 jmp 00007F565CCCA038h 0x0000000e sub eax, 69D02168h 0x00000014 jmp 00007F565CCCA02Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push dword ptr [ebp+30h] 0x00000020 jmp 00007F565CCCA036h 0x00000025 push dword ptr [ebp+2Ch] 0x00000028 jmp 00007F565CCCA030h 0x0000002d push dword ptr [ebp+28h] 0x00000030 jmp 00007F565CCCA030h 0x00000035 push dword ptr [ebp+24h] 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F565CCCA02Ah 0x00000041 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4930388 second address: 493038E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 493038E second address: 49303DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+20h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F565CCCA02Eh 0x00000013 adc cx, C3B8h 0x00000018 jmp 00007F565CCCA02Bh 0x0000001d popfd 0x0000001e mov edi, esi 0x00000020 popad 0x00000021 push dword ptr [ebp+1Ch] 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F565CCCA031h 0x0000002b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49303DD second address: 4930419 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E01h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+18h] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushfd 0x00000010 jmp 00007F565CC82DFAh 0x00000015 jmp 00007F565CC82E05h 0x0000001a popfd 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920967 second address: 492096D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492096D second address: 4920971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920971 second address: 4920975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920975 second address: 4920998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F565CC82E06h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920998 second address: 49209BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 mov ch, 27h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, 00000000h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F565CCCA031h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49209BB second address: 49209CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82DFCh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49209CB second address: 49209CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49209CF second address: 49209F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, 00000000h 0x0000000d jmp 00007F565CC82DFCh 0x00000012 push dword ptr [ebp+08h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49209F1 second address: 49209F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49209F5 second address: 49209F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49209F9 second address: 49209FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910C5C second address: 4910C74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82E04h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910C74 second address: 4910CBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F565CCCA039h 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F565CCCA038h 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910CBC second address: 4910CC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910CC2 second address: 4910D45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c jmp 00007F565CCCA02Eh 0x00000011 mov bx, ax 0x00000014 popad 0x00000015 mov ecx, dword ptr [769B4C30h] 0x0000001b pushad 0x0000001c mov si, 96D9h 0x00000020 pushfd 0x00000021 jmp 00007F565CCCA036h 0x00000026 sub ax, 9768h 0x0000002b jmp 00007F565CCCA02Bh 0x00000030 popfd 0x00000031 popad 0x00000032 xchg eax, ebx 0x00000033 jmp 00007F565CCCA036h 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F565CCCA02Eh 0x00000040 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910D45 second address: 4910D8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F565CC82E01h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebx 0x0000000e pushad 0x0000000f mov dx, si 0x00000012 mov ecx, 4E465E35h 0x00000017 popad 0x00000018 xchg eax, esi 0x00000019 jmp 00007F565CC82E00h 0x0000001e push eax 0x0000001f jmp 00007F565CC82DFBh 0x00000024 xchg eax, esi 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push edi 0x00000029 pop ecx 0x0000002a push edx 0x0000002b pop ecx 0x0000002c popad 0x0000002d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910D8F second address: 4910E06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA038h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b jmp 00007F565CCCA031h 0x00000010 xchg eax, edi 0x00000011 pushad 0x00000012 movzx esi, dx 0x00000015 mov dh, F5h 0x00000017 popad 0x00000018 push eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F565CCCA031h 0x00000020 jmp 00007F565CCCA02Bh 0x00000025 popfd 0x00000026 movzx esi, dx 0x00000029 popad 0x0000002a xchg eax, edi 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e call 00007F565CCCA037h 0x00000033 pop eax 0x00000034 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910E06 second address: 4910E3A instructions: 0x00000000 rdtsc 0x00000002 call 00007F565CC82E09h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b movzx ecx, dx 0x0000000e pop ebx 0x0000000f popad 0x00000010 mov edi, dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F565CC82DFBh 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910E3A second address: 4910E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910E40 second address: 4910E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910E44 second address: 4910F25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b movzx eax, di 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F565CCCA034h 0x00000015 jmp 00007F565CCCA035h 0x0000001a popfd 0x0000001b mov ah, B0h 0x0000001d popad 0x0000001e cmp ebx, dword ptr [ecx+0Ch] 0x00000021 pushad 0x00000022 mov ebx, 3EB9F79Ch 0x00000027 pushfd 0x00000028 jmp 00007F565CCCA035h 0x0000002d adc si, BDF6h 0x00000032 jmp 00007F565CCCA031h 0x00000037 popfd 0x00000038 popad 0x00000039 jc 00007F56CED037E8h 0x0000003f jmp 00007F565CCCA02Eh 0x00000044 ja 00007F56CED0384Fh 0x0000004a jmp 00007F565CCCA030h 0x0000004f cmp eax, dword ptr [ecx+08h] 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 pushfd 0x00000056 jmp 00007F565CCCA02Dh 0x0000005b add cx, 50B6h 0x00000060 jmp 00007F565CCCA031h 0x00000065 popfd 0x00000066 call 00007F565CCCA030h 0x0000006b pop eax 0x0000006c popad 0x0000006d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910F25 second address: 4910F2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910F2B second address: 4910F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4910F2F second address: 4910F33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490001C second address: 4900022 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900022 second address: 4900087 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call 00007F565CC82DF9h 0x00000010 pushad 0x00000011 jmp 00007F565CC82E03h 0x00000016 popad 0x00000017 push eax 0x00000018 pushad 0x00000019 push edx 0x0000001a mov eax, 61E76851h 0x0000001f pop eax 0x00000020 movsx edi, ax 0x00000023 popad 0x00000024 mov eax, dword ptr [esp+04h] 0x00000028 jmp 00007F565CC82E09h 0x0000002d mov eax, dword ptr [eax] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov edx, esi 0x00000034 push eax 0x00000035 pop edi 0x00000036 popad 0x00000037 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900087 second address: 490008C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490008C second address: 49000CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F565CC82DFFh 0x00000016 or cl, 0000004Eh 0x00000019 jmp 00007F565CC82E09h 0x0000001e popfd 0x0000001f push esi 0x00000020 pop edx 0x00000021 popad 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49000CC second address: 49000ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F565CCCA02Dh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900176 second address: 490018E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82E04h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490018E second address: 4900262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, eax 0x0000000a jmp 00007F565CCCA037h 0x0000000f mov esi, edx 0x00000011 jmp 00007F565CCCA036h 0x00000016 mov dword ptr [ebp-1Ch], esi 0x00000019 pushad 0x0000001a push eax 0x0000001b pushfd 0x0000001c jmp 00007F565CCCA02Dh 0x00000021 and cx, 6676h 0x00000026 jmp 00007F565CCCA031h 0x0000002b popfd 0x0000002c pop ecx 0x0000002d mov ax, di 0x00000030 popad 0x00000031 mov ecx, ebx 0x00000033 jmp 00007F565CCCA033h 0x00000038 or ecx, esi 0x0000003a pushad 0x0000003b pushfd 0x0000003c jmp 00007F565CCCA034h 0x00000041 xor cx, C5F8h 0x00000046 jmp 00007F565CCCA02Bh 0x0000004b popfd 0x0000004c movzx eax, dx 0x0000004f popad 0x00000050 je 00007F56CECFDB2Fh 0x00000056 pushad 0x00000057 jmp 00007F565CCCA031h 0x0000005c pushad 0x0000005d mov cl, 8Bh 0x0000005f mov ecx, ebx 0x00000061 popad 0x00000062 popad 0x00000063 and dword ptr [ebp-04h], 00000000h 0x00000067 pushad 0x00000068 mov cl, bl 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900262 second address: 4900266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900266 second address: 4900299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov edi, dword ptr [ebp+10h] 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F565CCCA030h 0x00000011 sub eax, 204FB1E8h 0x00000017 jmp 00007F565CCCA02Bh 0x0000001c popfd 0x0000001d push eax 0x0000001e push edx 0x0000001f movzx ecx, di 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900299 second address: 49002BE instructions: 0x00000000 rdtsc 0x00000002 mov dx, FD56h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 test edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F565CC82E08h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49002BE second address: 4900317 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 3231EB24h 0x00000008 call 00007F565CCCA02Dh 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 je 00007F56CECFDA75h 0x00000017 pushad 0x00000018 call 00007F565CCCA02Dh 0x0000001d mov ax, 1D97h 0x00000021 pop eax 0x00000022 mov eax, edi 0x00000024 popad 0x00000025 mov ecx, dword ptr [ebx+00000080h] 0x0000002b jmp 00007F565CCCA02Fh 0x00000030 mov edx, dword ptr [ebx+00000084h] 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 movsx ebx, cx 0x0000003c mov cl, 90h 0x0000003e popad 0x0000003f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900317 second address: 490036B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop ebx 0x00000005 pushfd 0x00000006 jmp 00007F565CC82E00h 0x0000000b jmp 00007F565CC82E05h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov eax, ecx 0x00000016 jmp 00007F565CC82DFEh 0x0000001b or eax, edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007F565CC82DFDh 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490036B second address: 4900379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CCCA02Ah 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900439 second address: 4900473 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F565CC82DFBh 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov si, A5BDh 0x00000017 pushfd 0x00000018 jmp 00007F565CC82DFAh 0x0000001d sbb si, C198h 0x00000022 jmp 00007F565CC82DFBh 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900473 second address: 490047C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 6ABAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490047C second address: 49004A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ecx, dword ptr [ebp+08h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F565CC82E08h 0x00000012 pop eax 0x00000013 mov dx, B1E6h 0x00000017 popad 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490057C second address: 4900582 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900582 second address: 4900586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4900586 second address: 490058A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490058A second address: 490059E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F56CECC6D83h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 490059E second address: 49005A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49005A2 second address: 49005B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49005B6 second address: 4900612 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F565CCCA02Ch 0x00000009 and ax, 1628h 0x0000000e jmp 00007F565CCCA02Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [esi+00000088h] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F565CCCA02Bh 0x00000026 adc si, 976Eh 0x0000002b jmp 00007F565CCCA039h 0x00000030 popfd 0x00000031 movzx ecx, dx 0x00000034 popad 0x00000035 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49200AD second address: 49200B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49200B3 second address: 49200B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49200B7 second address: 49200C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov ch, bl 0x0000000d push eax 0x0000000e push edx 0x0000000f mov al, DDh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49200C8 second address: 492010E instructions: 0x00000000 rdtsc 0x00000002 mov ecx, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov edx, dword ptr [ebp+10h] 0x0000000a pushad 0x0000000b mov ecx, edx 0x0000000d pushfd 0x0000000e jmp 00007F565CCCA02Dh 0x00000013 xor ecx, 23E56506h 0x00000019 jmp 00007F565CCCA031h 0x0000001e popfd 0x0000001f popad 0x00000020 sub esp, 20h 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F565CCCA02Dh 0x0000002a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492010E second address: 492011E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82DFCh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920267 second address: 49202B4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jne 00007F56CED05799h 0x0000000d jmp 00007F565CCCA02Dh 0x00000012 mov esi, dword ptr fs:[00000018h] 0x00000019 jmp 00007F565CCCA02Eh 0x0000001e mov eax, dword ptr [esi+00000FDCh] 0x00000024 jmp 00007F565CCCA030h 0x00000029 test eax, eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49202B4 second address: 49202D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49202D1 second address: 49202F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F565CCCA060h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49202F1 second address: 49202FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, 609Ch 0x00000008 popad 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49202FA second address: 4920300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920300 second address: 4920304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920304 second address: 492035B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add esi, eax 0x0000000a jmp 00007F565CCCA038h 0x0000000f mov eax, dword ptr [esi+000008B0h] 0x00000015 jmp 00007F565CCCA030h 0x0000001a or eax, dword ptr [esi+000008B4h] 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F565CCCA037h 0x00000027 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492035B second address: 4920373 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82E04h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920373 second address: 4920387 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F56CED056ABh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920387 second address: 492038B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492038B second address: 49203A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA034h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49203A3 second address: 49203B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F565CC82DFEh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49203B5 second address: 49203D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ax, dx 0x00000014 mov ebx, 6F9CDFB2h 0x00000019 popad 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49203D5 second address: 4920414 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E08h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F565CC82E00h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F565CC82DFDh 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920414 second address: 4920429 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920429 second address: 492042F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492042F second address: 4920433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920433 second address: 4920494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E03h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F565CC82E04h 0x00000013 add cx, 1FE8h 0x00000018 jmp 00007F565CC82DFBh 0x0000001d popfd 0x0000001e mov edx, esi 0x00000020 popad 0x00000021 xchg eax, edx 0x00000022 jmp 00007F565CC82E02h 0x00000027 push eax 0x00000028 pushad 0x00000029 mov eax, ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d mov bx, 4FDEh 0x00000031 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920494 second address: 49204C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F565CCCA035h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49204C0 second address: 49204FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 75h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F565CC82E07h 0x00000013 call 00007F565CC82E08h 0x00000018 pop esi 0x00000019 popad 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920557 second address: 492055B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492055B second address: 4920561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920561 second address: 4920579 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [769B459Ch], 05h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920579 second address: 492057D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492057D second address: 4920581 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920581 second address: 4920587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920587 second address: 492058D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492058D second address: 49205BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F565CC82E05h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49205BB second address: 49205F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, B792h 0x00000007 call 00007F565CCCA033h 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [ebp-04h], edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F565CCCA032h 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49205F0 second address: 4920625 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F56CECBE27Eh 0x0000000f pushad 0x00000010 movsx edi, si 0x00000013 popad 0x00000014 mov ecx, dword ptr [esi+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F565CC82E04h 0x00000020 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920625 second address: 4920634 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA02Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920634 second address: 4920661 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82E09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F565CC82DFDh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920661 second address: 4920685 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CCCA031h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F565CCCA02Ch 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920685 second address: 49206AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F565CC82DFBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F565CC82E05h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206AC second address: 49206B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206B2 second address: 49206B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206B6 second address: 49206BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206BA second address: 49206EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea ebx, dword ptr [esi+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F565CC82E00h 0x00000014 add cx, 7918h 0x00000019 jmp 00007F565CC82DFBh 0x0000001e popfd 0x0000001f mov dx, ax 0x00000022 popad 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206EE second address: 49206F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206F4 second address: 49206F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206F8 second address: 49206FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 49206FC second address: 492074F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, ebx 0x0000000a jmp 00007F565CC82E03h 0x0000000f call 00007F56CEC95ECDh 0x00000014 mov edi, edi 0x00000016 push ebp 0x00000017 mov ebp, esp 0x00000019 push ecx 0x0000001a push esi 0x0000001b mov esi, edx 0x0000001d push edi 0x0000001e cmp ecx, 00000107h 0x00000024 jbe 00007F565CC82E0Eh 0x00000026 sub ecx, 0000010Fh 0x0000002c je 00007F565CC82E28h 0x0000002e sub ecx, 11h 0x00000031 je 00007F565CC82E23h 0x00000033 sub ecx, 00000166h 0x00000039 je 00007F565CC82E1Bh 0x0000003b xor eax, eax 0x0000003d pop edi 0x0000003e inc eax 0x0000003f pop esi 0x00000040 leave 0x00000041 ret 0x00000042 jmp 00007F565CC82E06h 0x00000047 test eax, eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F565CC82E07h 0x00000050 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492074F second address: 4920755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920755 second address: 4920785 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F56CEC95E85h 0x0000000e jmp 00007F565CC82E07h 0x00000013 mov eax, dword ptr [769B4C30h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920785 second address: 4920789 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920789 second address: 492078F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 492078F second address: 4920795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920795 second address: 4920799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeRDTSC instruction interceptor: First address: 4920799 second address: 492079D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Tries to evade debugger and weak emulator (self modifying code)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSpecial instruction interceptor: First address: 40BD57 instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSpecial instruction interceptor: First address: 5E15B7 instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSpecial instruction interceptor: First address: 5C8CAC instructions caused by: Self-modifying code
          Source: C:\ProgramData\prhbpso\huflh.exeSpecial instruction interceptor: First address: 40BD57 instructions caused by: Self-modifying code
          Source: C:\ProgramData\prhbpso\huflh.exeSpecial instruction interceptor: First address: 5E15B7 instructions caused by: Self-modifying code
          Source: C:\ProgramData\prhbpso\huflh.exeSpecial instruction interceptor: First address: 5C8CAC instructions caused by: Self-modifying code
          Source: C:\ProgramData\prhbpso\huflh.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeCode function: 0_2_04920940 rdtsc 0_2_04920940
          Source: C:\ProgramData\prhbpso\huflh.exeWindow / User API: threadDelayed 1617Jump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeWindow / User API: threadDelayed 621Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 52 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 41 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 56 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 134 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 222 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 66 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 201 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep count: 154 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe TID: 6108Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exe TID: 6416Thread sleep time: -124062s >= -30000sJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exe TID: 6440Thread sleep time: -132066s >= -30000sJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exe TID: 3796Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exe TID: 4876Thread sleep time: -126063s >= -30000sJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exe TID: 4512Thread sleep time: -3235617s >= -30000sJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exe TID: 4512Thread sleep time: -1242621s >= -30000sJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeThread delayed: delay time: 60000Jump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeThread delayed: delay time: 60000Jump to behavior
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, 00000000.00000002.2171239044.0000000000596000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, 00000000.00000002.2171239044.0000000000596000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeSystem information queried: ModuleInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeProcess information queried: ProcessInformationJump to behavior

          Anti Debugging

          barindex
          Hides threads from debuggers
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeThread information set: HideFromDebuggerJump to behavior
          Potentially malicious time measurement code found
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeCode function: 0_2_049204D3 Start: 049205BB End: 0492055B0_2_049204D3
          Tries to detect sandboxes and other dynamic analysis tools (window names)
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: regmonclass
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: gbdyllo
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: procmon_window_class
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: ollydbg
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: filemonclass
          Source: C:\ProgramData\prhbpso\huflh.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\prhbpso\huflh.exeFile opened: NTICE
          Source: C:\ProgramData\prhbpso\huflh.exeFile opened: SICE
          Source: C:\ProgramData\prhbpso\huflh.exeFile opened: SIWVID
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeProcess queried: DebugPortJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeProcess queried: DebugPortJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeProcess queried: DebugPortJump to behavior
          Source: C:\ProgramData\prhbpso\huflh.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exeCode function: 0_2_04920940 rdtsc 0_2_04920940
          Source: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe, 00000000.00000002.2171239044.0000000000596000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: yProgram Manager

          Stealing of Sensitive Information

          barindex
          Yara detected SystemBC
          Source: Yara matchFile source: 00000001.00000003.2201616017.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.2163770369.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe PID: 3428, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: huflh.exe PID: 5268, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected SystemBC
          Source: Yara matchFile source: 00000001.00000003.2201616017.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.2163770369.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe PID: 3428, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: huflh.exe PID: 5268, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
          Command and Scripting Interpreter          		1
          Scheduled Task/Job          		2
          Process Injection          		1
          Masquerading          		OS Credential Dumping741
          Security Software Discovery          		Remote ServicesData from Local System1
          Non-Standard Port          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Scheduled Task/Job          		1
          DLL Side-Loading          		1
          Scheduled Task/Job          		241
          Virtualization/Sandbox Evasion          		LSASS Memory2
          Process Discovery          		Remote Desktop ProtocolData from Removable Media1
          Non-Application Layer Protocol          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		2
          Process Injection          		Security Account Manager241
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive11
          Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Obfuscated Files or Information          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
          Software Packing          		LSA Secrets22
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.