Windows Analysis Report
cubrodriver.exe

Overview

General Information

Sample name: cubrodriver.exe
Analysis ID: 1632144
MD5: 190272ebd2e82a80b242b1bdd442b859
SHA1: fceb12a205c28c30b2049c55924a9872a1a3eb71
SHA256: c13d59dc2e8ee1cbdb8016de0fb3b374f827406fa5d2d1aa4a2820170816d131
Tags: exe, SystemBC, user-abuse_ch

Detection

SystemBC
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected SystemBC
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Creates files inside the system directory
Creates job files (autostart)
Detected TCP or UDP traffic on non-standard ports
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

  • System is w10x64
  • cubrodriver.exe (PID: 8440 cmdline: "C:\Users\user\Desktop\cubrodriver.exe" MD5: 190272EBD2E82A80B242B1BDD442B859)
  • xrilthp.exe (PID: 8600 cmdline: C:\ProgramData\tjjsd\xrilthp.exe MD5: 190272EBD2E82A80B242B1BDD442B859)
  • cleanup
Name: SystemBC
Description: SystemBC is a multiplatform proxy malware active since August 2019. It creates SOCKS5 network tunnels in the victims network and connects to its C2 server using a custom, RC4-encrypted protocol. It can also download and execute additional malware, with payloads either written to disk or mapped into memory. The SystemBC kit, including the C2 panel, server, and malware executables, is sold in underground forums.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc
{"HOST1": "towerbingobongoboom.com", "HOST2": "62.60.226.86"}
Source | Rule | Description | Author
00000000.00000003.1324139236.0000000004774000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security
00000001.00000003.1365940162.0000000004774000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security
Process Memory Space: cubrodriver.exe PID: 8440 | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security
Process Memory Space: xrilthp.exe PID: 8600 | JoeSecurity_SystemBC | Yara detected SystemBC | Joe Security
          No Sigma rule has matched
          No Suricata rule has matched

          AV Detection

          Source: towerbingobongoboom.com | Avira URL Cloud: Label: malware
          Source: 00000001.00000003.1365940162.0000000004774000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: SystemBC {"HOST1": "towerbingobongoboom.com", "HOST2": "62.60.226.86"}
          Source: C:\ProgramData\tjjsd\xrilthp.exe | ReversingLabs: Detection: 63%
          Source: cubrodriver.exe | Virustotal: Detection: 63%
          Source: cubrodriver.exe | ReversingLabs: Detection: 63%
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: cubrodriver.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

          Networking

          Source: Malware configuration extractor | URLs: towerbingobongoboom.com
          Source: Malware configuration extractor | URLs: 62.60.226.86
          Source: global traffic | TCP traffic: 192.168.2.5:49699 -> 213.209.150.137:4000
          Source: Joe Sandbox View | IP Address: 213.209.150.137
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic | DNS traffic detected: DNS query: towerbingobongoboom.com
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://ocsp.digicert.com0A
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://ocsp.sectigo.com0
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: http://www.digicert.com/CPS0
          Source: cubrodriver.exe, xrilthp.exe.0.dr | String found in binary or memory: https://sectigo.com/CPS0

          System Summary

          Source: cubrodriver.exeStatic PE information: section name:
          Source: cubrodriver.exeStatic PE information: section name: .idata
          Source: cubrodriver.exeStatic PE information: section name:
          Source: xrilthp.exe.0.drStatic PE information: section name:
          Source: xrilthp.exe.0.drStatic PE information: section name: .idata
          Source: xrilthp.exe.0.drStatic PE information: section name:
          Source: C:\ProgramData\tjjsd\xrilthp.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\cubrodriver.exeFile created: C:\Windows\Tasks\Test Task17.jobJump to behavior
          Source: Joe Sandbox ViewDropped File: C:\ProgramData\tjjsd\xrilthp.exe C13D59DC2E8EE1CBDB8016DE0FB3B374F827406FA5D2D1AA4A2820170816D131
          Source: cubrodriver.exeStatic PE information: invalid certificate
          Source: cubrodriver.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: cubrodriver.exeStatic PE information: Section: yuxfscdw ZLIB complexity 0.9944930111069277
          Source: xrilthp.exe.0.drStatic PE information: Section: yuxfscdw ZLIB complexity 0.9944930111069277
          Source: cubrodriver.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
          Source: xrilthp.exe.0.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
          Source: classification engineClassification label: mal100.troj.evad.winEXE@2/3@1/1
          Source: C:\ProgramData\tjjsd\xrilthp.exeMutant created: \Sessions\1\BaseNamedObjects\Test Task17
          Source: C:\Users\user\Desktop\cubrodriver.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: cubrodriver.exeVirustotal: Detection: 63%
          Source: cubrodriver.exeReversingLabs: Detection: 63%
          Source: cubrodriver.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: xrilthp.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: C:\Users\user\Desktop\cubrodriver.exeFile read: C:\Users\user\Desktop\cubrodriver.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\cubrodriver.exe "C:\Users\user\Desktop\cubrodriver.exe"
          Source: unknownProcess created: C:\ProgramData\tjjsd\xrilthp.exe C:\ProgramData\tjjsd\xrilthp.exe
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: mstask.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeSection loaded: mpr.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: winmm.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: mstask.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: wsock32.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
          Source: cubrodriver.exeStatic file information: File size 1732808 > 1048576
          Source: cubrodriver.exeStatic PE information: Raw size of yuxfscdw is bigger than: 0x100000 < 0x19f000

          Data Obfuscation

          Source: C:\Users\user\Desktop\cubrodriver.exeUnpacked PE file: 0.2.cubrodriver.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yuxfscdw:EW;oiahzgmh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yuxfscdw:EW;oiahzgmh:EW;.taggant:EW;
          Source: C:\ProgramData\tjjsd\xrilthp.exeUnpacked PE file: 1.2.xrilthp.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yuxfscdw:EW;oiahzgmh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yuxfscdw:EW;oiahzgmh:EW;.taggant:EW;
          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
          Source: cubrodriver.exeStatic PE information: real checksum: 0x1ac12a should be: 0x1b2325
          Source: xrilthp.exe.0.drStatic PE information: real checksum: 0x1ac12a should be: 0x1b2325
          Source: cubrodriver.exeStatic PE information: section name:
          Source: cubrodriver.exeStatic PE information: section name: .idata
          Source: cubrodriver.exeStatic PE information: section name:
          Source: cubrodriver.exeStatic PE information: section name: yuxfscdw
          Source: cubrodriver.exeStatic PE information: section name: oiahzgmh
          Source: cubrodriver.exeStatic PE information: section name: .taggant
          Source: xrilthp.exe.0.drStatic PE information: section name:
          Source: xrilthp.exe.0.drStatic PE information: section name: .idata
          Source: xrilthp.exe.0.drStatic PE information: section name:
          Source: xrilthp.exe.0.drStatic PE information: section name: yuxfscdw
          Source: xrilthp.exe.0.drStatic PE information: section name: oiahzgmh
          Source: xrilthp.exe.0.drStatic PE information: section name: .taggant
          Source: cubrodriver.exeStatic PE information: section name: entropy: 7.799208910449233
          Source: cubrodriver.exeStatic PE information: section name: yuxfscdw entropy: 7.952071105223017
          Source: xrilthp.exe.0.drStatic PE information: section name: entropy: 7.799208910449233
          Source: xrilthp.exe.0.drStatic PE information: section name: yuxfscdw entropy: 7.952071105223017
          Source: C:\Users\user\Desktop\cubrodriver.exeFile created: C:\ProgramData\tjjsd\xrilthp.exeJump to dropped file

          Boot Survival

          Source: C:\Users\user\Desktop\cubrodriver.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: FilemonclassJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeFile created: C:\Windows\Tasks\Test Task17.jobJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\cubrodriver.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\ProgramData\tjjsd\xrilthp.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5B173A second address: 5B173E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5B1C64 second address: 5B1C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5B1C68 second address: 5B1C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5B0635 second address: 5B063C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BA911 second address: 5BA917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BA917 second address: 5BA91B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BAB1F second address: 5BAB2C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BAE5B second address: 5BAE75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E93066h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BB318 second address: 5BB31C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BB31C second address: 5BB377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F18C0E9306Dh 0x0000000c jmp 00007F18C0E93067h 0x00000011 popad 0x00000012 mov dword ptr [esp], ebx 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F18C0E93058h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f mov edi, 5AB6FDF6h 0x00000034 push eax 0x00000035 jp 00007F18C0E9305Eh 0x0000003b push edi 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BB749 second address: 5BB75A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F18C0B916ECh 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BC68A second address: 5BC68E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BC68E second address: 5BC69C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F18C0B916E6h 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BCF4D second address: 5BCF51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BCF51 second address: 5BCF6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BE2FA second address: 5BE300 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BE0E6 second address: 5BE0EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BCF6D second address: 5BCF73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BE0EA second address: 5BE0F0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BE0F0 second address: 5BE105 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F18C0E93060h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BF723 second address: 5BF729 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BF9CE second address: 5BF9D8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F18C0E93056h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5BF9D8 second address: 5BFA3F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F18C0B916E8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 mov dword ptr [ebp+122D1E49h], esi 0x0000002b push 00000000h 0x0000002d mov si, CEE0h 0x00000031 push 00000000h 0x00000033 jo 00007F18C0B91706h 0x00000039 call 00007F18C0B916F9h 0x0000003e mov esi, dword ptr [ebp+122D202Ch] 0x00000044 pop esi 0x00000045 push eax 0x00000046 jng 00007F18C0B916EEh 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5812DE second address: 5812E6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C0DA9 second address: 5C0DAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C0DAD second address: 5C0DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C2571 second address: 5C2598 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916EAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F18C0B916F6h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C2598 second address: 5C259D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C259D second address: 5C25D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F18C0B916E8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 mov di, cx 0x00000029 push 00000000h 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f push edx 0x00000030 pop edx 0x00000031 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C25D9 second address: 5C25EF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F18C0E93056h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c jp 00007F18C0E93064h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C25EF second address: 5C25F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C40D1 second address: 5C40D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C51CF second address: 5C51D9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F18C0B916E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C51D9 second address: 5C523D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F18C0E93062h 0x0000000e nop 0x0000000f jmp 00007F18C0E93061h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F18C0E93058h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 mov bx, 0509h 0x00000034 push 00000000h 0x00000036 sub dword ptr [ebp+122D23F7h], edi 0x0000003c xchg eax, esi 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C523D second address: 5C5241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C5241 second address: 5C5247 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C5247 second address: 5C5266 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jl 00007F18C0B916E6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F18C0B916EDh 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C7182 second address: 5C7186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C6323 second address: 5C6339 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F18C0B916E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jng 00007F18C0B916F8h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C6339 second address: 5C633D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C8117 second address: 5C811D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C633D second address: 5C6341 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C811D second address: 5C8121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C6341 second address: 5C63D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 pushad 0x00000008 jmp 00007F18C0E9305Bh 0x0000000d cld 0x0000000e popad 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F18C0E93058h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 mov ebx, dword ptr [ebp+1247D614h] 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d add edi, dword ptr [ebp+122D2AA6h] 0x00000043 mov eax, dword ptr [ebp+122D013Dh] 0x00000049 pushad 0x0000004a mov dword ptr [ebp+122D2341h], edi 0x00000050 mov ebx, dword ptr [ebp+122D2AFAh] 0x00000056 popad 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push ecx 0x0000005c call 00007F18C0E93058h 0x00000061 pop ecx 0x00000062 mov dword ptr [esp+04h], ecx 0x00000066 add dword ptr [esp+04h], 00000014h 0x0000006e inc ecx 0x0000006f push ecx 0x00000070 ret 0x00000071 pop ecx 0x00000072 ret 0x00000073 mov edi, dword ptr [ebp+122D2EA5h] 0x00000079 push eax 0x0000007a push eax 0x0000007b push edx 0x0000007c push ebx 0x0000007d jnc 00007F18C0E93056h 0x00000083 pop ebx 0x00000084 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5C63D2 second address: 5C63D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CA0DA second address: 5CA0E4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F18C0E93056h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CA0E4 second address: 5CA0EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CA0EA second address: 5CA0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CB123 second address: 5CB18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F18C0B916E6h 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d mov dword ptr [ebp+122D30BAh], ebx 0x00000013 movsx ebx, bx 0x00000016 push 00000000h 0x00000018 call 00007F18C0B916F9h 0x0000001d mov edi, dword ptr [ebp+122D25E5h] 0x00000023 pop ebx 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007F18C0B916E8h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 0000001Bh 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 push eax 0x00000041 push edi 0x00000042 je 00007F18C0B916ECh 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CB29B second address: 5CB2BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a jmp 00007F18C0E93065h 0x0000000f pop ebx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CB2BB second address: 5CB308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push dword ptr fs:[00000000h] 0x00000010 mov dword ptr [ebp+12462866h], eax 0x00000016 mov edi, 7C1C5FB0h 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 mov ebx, 29019EC6h 0x00000027 mov eax, dword ptr [ebp+122D116Dh] 0x0000002d jnc 00007F18C0B916ECh 0x00000033 mov edi, dword ptr [ebp+122D2BADh] 0x00000039 push FFFFFFFFh 0x0000003b mov di, 9109h 0x0000003f nop 0x00000040 pushad 0x00000041 jnp 00007F18C0B916E8h 0x00000047 push edx 0x00000048 pop edx 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CC331 second address: 5CC335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CD3BC second address: 5CD3C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CB308 second address: 5CB30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CD3C3 second address: 5CD3C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CD3C9 second address: 5CD3E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jp 00007F18C0E93056h 0x00000012 jns 00007F18C0E93056h 0x00000018 popad 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CF351 second address: 5CF357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CF357 second address: 5CF3DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F18C0E93058h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 mov bl, C2h 0x00000023 adc bh, FFFFFFEAh 0x00000026 sub dword ptr [ebp+122D1D79h], edi 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F18C0E93058h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000019h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 sub dword ptr [ebp+122D2DEEh], esi 0x0000004e push 00000000h 0x00000050 mov ebx, 30436C9Ah 0x00000055 xchg eax, esi 0x00000056 jmp 00007F18C0E93063h 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e jc 00007F18C0E9305Ch 0x00000064 jng 00007F18C0E93056h 0x0000006a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CE4C7 second address: 5CE4FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F18C0B916EEh 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F18C0B916EBh 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D0382 second address: 5D0417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F18C0E93058h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 stc 0x00000028 mov dword ptr [ebp+122D37EAh], ebx 0x0000002e push 00000000h 0x00000030 jnl 00007F18C0E93062h 0x00000036 add edi, dword ptr [ebp+122D2ADAh] 0x0000003c push 00000000h 0x0000003e mov bx, 6FB1h 0x00000042 xchg eax, esi 0x00000043 js 00007F18C0E93064h 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d jl 00007F18C0E93056h 0x00000053 jmp 00007F18C0E93066h 0x00000058 popad 0x00000059 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D0417 second address: 5D041D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CF573 second address: 5CF5F4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F18C0E93056h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F18C0E93058h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov bl, 3Ch 0x00000028 push dword ptr fs:[00000000h] 0x0000002f jmp 00007F18C0E93066h 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b and ebx, dword ptr [ebp+122D1B43h] 0x00000041 mov eax, dword ptr [ebp+122D1605h] 0x00000047 mov ebx, 547AEAFCh 0x0000004c push FFFFFFFFh 0x0000004e mov ebx, edx 0x00000050 or dword ptr [ebp+122D33E5h], edi 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a push ecx 0x0000005b pop ecx 0x0000005c jmp 00007F18C0E9305Ah 0x00000061 popad 0x00000062 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5CF5F4 second address: 5CF5F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D2408 second address: 5D2414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D2414 second address: 5D2418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D2418 second address: 5D241E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D2589 second address: 5D258D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D258D second address: 5D2603 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F18C0E93058h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D1B43h], eax 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov ebx, dword ptr [ebp+1247D614h] 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 mov bx, si 0x0000002a mov eax, dword ptr [ebp+122D0051h] 0x00000030 mov dword ptr [ebp+1244D121h], ecx 0x00000036 push FFFFFFFFh 0x00000038 push 00000000h 0x0000003a push edi 0x0000003b call 00007F18C0E93058h 0x00000040 pop edi 0x00000041 mov dword ptr [esp+04h], edi 0x00000045 add dword ptr [esp+04h], 0000001Dh 0x0000004d inc edi 0x0000004e push edi 0x0000004f ret 0x00000050 pop edi 0x00000051 ret 0x00000052 sbb edi, 42F68912h 0x00000058 or edi, dword ptr [ebp+122D1B34h] 0x0000005e push eax 0x0000005f jc 00007F18C0E93060h 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D3671 second address: 5D3677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D3677 second address: 5D367B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D367B second address: 5D369E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F18C0B916F8h 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D369E second address: 5D36A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D9309 second address: 5D930F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5D930F second address: 5D9313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 5DF5AB second address: 5DF5B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F18C0B916E6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 62DB7C second address: 62DB87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F18C0E93056h 0x0000000a pop edi 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 632069 second address: 632090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F18C0B916E6h 0x0000000a popad 0x0000000b jne 00007F18C0B916ECh 0x00000011 popad 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jg 00007F18C0B916E6h 0x0000001b jc 00007F18C0B916E6h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 632090 second address: 632094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 638CAC second address: 638CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F18C0B916F3h 0x00000008 jl 00007F18C0B916E6h 0x0000000e je 00007F18C0B916E6h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push edx 0x00000018 jng 00007F18C0B916E6h 0x0000001e pop edx 0x0000001f pop edx 0x00000020 pop eax 0x00000021 pushad 0x00000022 push ebx 0x00000023 pushad 0x00000024 popad 0x00000025 pushad 0x00000026 popad 0x00000027 pop ebx 0x00000028 pushad 0x00000029 pushad 0x0000002a popad 0x0000002b jno 00007F18C0B916E6h 0x00000031 popad 0x00000032 push eax 0x00000033 push edx 0x00000034 push edx 0x00000035 pop edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 638CF2 second address: 638CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 638720 second address: 638741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F18C0B916EBh 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007F18C0B916E6h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 638A31 second address: 638A35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 645729 second address: 645758 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jl 00007F18C0B916E6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F18C0B916EFh 0x00000015 jmp 00007F18C0B916F0h 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 645758 second address: 64575E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 64575E second address: 645768 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F18C0B916E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 6487F3 second address: 6487F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 6487F7 second address: 648804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 64EF76 second address: 64EF80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F18C0E93056h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 64EF80 second address: 64EF95 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F18C0B916EDh 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 64EF95 second address: 64EF9F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F18C0E93062h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 6571F2 second address: 657207 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 658A7E second address: 658A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 658A82 second address: 658AA8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F18C0B916E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jne 00007F18C0B916E6h 0x00000011 jmp 00007F18C0B916F2h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 658AA8 second address: 658AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F18C0E93056h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 658AB4 second address: 658AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B63E second address: 65B644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B644 second address: 65B648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B648 second address: 65B69F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007F18C0E93056h 0x0000000f jmp 00007F18C0E9305Eh 0x00000014 jmp 00007F18C0E93064h 0x00000019 popad 0x0000001a popad 0x0000001b push ecx 0x0000001c pushad 0x0000001d jmp 00007F18C0E93066h 0x00000022 pushad 0x00000023 popad 0x00000024 jnc 00007F18C0E93056h 0x0000002a popad 0x0000002b push edi 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B69F second address: 65B6A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B496 second address: 65B49C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B49C second address: 65B4A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B4A0 second address: 65B4FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F18C0E93062h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F18C0E93064h 0x00000010 pop ebx 0x00000011 pushad 0x00000012 jnl 00007F18C0E93058h 0x00000018 push eax 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F18C0E9305Eh 0x00000020 pop eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F18C0E93062h 0x00000028 push esi 0x00000029 pop esi 0x0000002a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 65B4FE second address: 65B502 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 665E71 second address: 665E81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F18C0E93056h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 665E81 second address: 665E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 66492A second address: 66492E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 66492E second address: 664932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 664932 second address: 66493A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 66493A second address: 664962 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F2h 0x00000007 push edx 0x00000008 jnc 00007F18C0B916E6h 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007F18C0B916E8h 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 664962 second address: 66498D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F18C0E93068h 0x00000009 jmp 00007F18C0E9305Fh 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 66498D second address: 6649C0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F18C0B916E6h 0x00000008 jmp 00007F18C0B916F2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F18C0B916EFh 0x00000016 jnl 00007F18C0B916E6h 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 664C55 second address: 664C62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F18C0E93056h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 664EBC second address: 664EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 664EC2 second address: 664ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 664ECA second address: 664EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F18C0B916EEh 0x00000009 pop edi 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 664EDD second address: 664EE6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 665190 second address: 665194 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 665B79 second address: 665B8F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F18C0E9305Ah 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 665B8F second address: 665BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push edi 0x00000008 jo 00007F18C0B916E6h 0x0000000e jl 00007F18C0B916E6h 0x00000014 pop edi 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 668ACF second address: 668B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F18C0E93063h 0x00000009 popad 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jne 00007F18C0E93056h 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 jmp 00007F18C0E9305Fh 0x0000001d popad 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F18C0E9305Dh 0x00000026 jo 00007F18C0E93056h 0x0000002c rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 6686B6 second address: 6686BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 6740EE second address: 67410F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F18C0E93065h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 681A77 second address: 681A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 683AE0 second address: 683AEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 683AEC second address: 683AF6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F18C0B916E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A2F4 second address: 68A2F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A451 second address: 68A46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F18C0B916E6h 0x0000000a jmp 00007F18C0B916EBh 0x0000000f popad 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 pop edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A46D second address: 68A4AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E93061h 0x00000007 push ebx 0x00000008 jmp 00007F18C0E9305Fh 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jp 00007F18C0E9305Ch 0x00000019 jne 00007F18C0E93056h 0x0000001f push eax 0x00000020 push edx 0x00000021 jo 00007F18C0E93056h 0x00000027 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A63F second address: 68A643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A643 second address: 68A669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F18C0E93056h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F18C0E93065h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A7A8 second address: 68A7B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F18C0B916E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A931 second address: 68A955 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F18C0E93065h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jng 00007F18C0E93056h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A955 second address: 68A95B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A95B second address: 68A962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68A962 second address: 68A97F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F18C0B916F8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68AC4E second address: 68AC5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jne 00007F18C0E93056h 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68AC5A second address: 68AC73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68AC73 second address: 68AC86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnp 00007F18C0E9305Eh 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68AC86 second address: 68AC8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68B086 second address: 68B0D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F18C0E93060h 0x0000000a popad 0x0000000b jmp 00007F18C0E9305Ah 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jmp 00007F18C0E9305Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c jmp 00007F18C0E93067h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68B0D0 second address: 68B0D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68B275 second address: 68B279 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68B279 second address: 68B297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F18C0B916E6h 0x0000000d jmp 00007F18C0B916EFh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68D042 second address: 68D051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F18C0E93056h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68D051 second address: 68D057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68D057 second address: 68D05B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68D05B second address: 68D05F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68D05F second address: 68D076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F18C0E9305Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68FCD0 second address: 68FCEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68FCEC second address: 68FD55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop ebx 0x00000009 popad 0x0000000a nop 0x0000000b mov edx, dword ptr [ebp+124583A1h] 0x00000011 push 00000004h 0x00000013 call 00007F18C0E93063h 0x00000018 jmp 00007F18C0E93064h 0x0000001d pop edx 0x0000001e or edx, dword ptr [ebp+122D1E90h] 0x00000024 call 00007F18C0E93059h 0x00000029 jmp 00007F18C0E93065h 0x0000002e push eax 0x0000002f push ebx 0x00000030 jo 00007F18C0E9305Ch 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 68FF7F second address: 68FFDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F18C0B916EEh 0x00000012 push dword ptr [ebp+12451E65h] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F18C0B916E8h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 push 6C4EBF16h 0x00000037 pushad 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 69317D second address: 693186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 693186 second address: 69318C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 69318C second address: 693190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 693190 second address: 6931C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F2h 0x00000007 jmp 00007F18C0B916F9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 6931C3 second address: 6931C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 402CE0 second address: 402CE0 instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 mov ebp, esp 0x00000005 push ebx 0x00000006 push edi 0x00000007 push esi 0x00000008 imul eax, eax, 001E7319h 0x0000000e add eax, 3CFB5543h 0x00000013 rcr eax, 10h 0x00000016 add eax, esi 0x00000018 imul eax, edi 0x0000001b xor edx, edx 0x0000001d mul dword ptr [ebp+08h] 0x00000020 mov eax, edx 0x00000022 pop esi 0x00000023 pop edi 0x00000024 pop ebx 0x00000025 leave 0x00000026 retn 0004h 0x00000029 lea eax, dword ptr [eax+00000300h] 0x0000002f push eax 0x00000030 push 00405BFCh 0x00000035 call 00007F18C0B930B5h 0x0000003a push ebp 0x0000003b mov ebp, esp 0x0000003d push ebx 0x0000003e push edi 0x0000003f push esi 0x00000040 mov edi, dword ptr [ebp+08h] 0x00000043 push 000000FFh 0x00000048 call 00007F18C0B919BEh 0x0000004d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 493063A second address: 4930640 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49302AC second address: 49302C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+30h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F18C0B916EAh 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49302C3 second address: 49302DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+2Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49302DB second address: 49302DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49302DF second address: 49302E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49302E5 second address: 4930322 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F18C0B916F8h 0x00000009 adc eax, 7A9B98D8h 0x0000000f jmp 00007F18C0B916EBh 0x00000014 popfd 0x00000015 movzx eax, dx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push dword ptr [ebp+28h] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4930322 second address: 4930326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4930326 second address: 493032C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 493032C second address: 493039A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, dh 0x00000005 mov ebx, ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push dword ptr [ebp+24h] 0x0000000d pushad 0x0000000e jmp 00007F18C0E93066h 0x00000013 jmp 00007F18C0E93062h 0x00000018 popad 0x00000019 push dword ptr [ebp+20h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007F18C0E9305Dh 0x00000024 pushfd 0x00000025 jmp 00007F18C0E93060h 0x0000002a add ecx, 6DBD5F28h 0x00000030 jmp 00007F18C0E9305Bh 0x00000035 popfd 0x00000036 popad 0x00000037 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 493039A second address: 49303B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov cl, bh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push dword ptr [ebp+1Ch] 0x0000000d pushad 0x0000000e mov ch, 53h 0x00000010 mov bx, 1D7Ah 0x00000014 popad 0x00000015 push dword ptr [ebp+18h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49303B8 second address: 49303BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49303BC second address: 49303C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49303C0 second address: 49303C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 493043E second address: 4930444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4930444 second address: 4930448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49208F2 second address: 492090F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 492090F second address: 4920922 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920922 second address: 492097F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b pushad 0x0000000c mov edi, eax 0x0000000e jmp 00007F18C0B916F8h 0x00000013 popad 0x00000014 push 00000000h 0x00000016 jmp 00007F18C0B916F0h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F18C0B916EAh 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 492097F second address: 492098E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910B34 second address: 4910B48 instructions: 0x00000000 rdtsc 0x00000002 mov ax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov bl, 71h 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movsx edi, si 0x00000011 push eax 0x00000012 pop ebx 0x00000013 popad 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910B48 second address: 4910B4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910B4E second address: 4910B52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910B52 second address: 4910B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F18C0E9305Ch 0x0000000f popad 0x00000010 xchg eax, ebp 0x00000011 jmp 00007F18C0E93067h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov esi, edi 0x0000001d mov edi, 6FA9CD72h 0x00000022 popad 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910B8E second address: 4910BFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [76324C30h] 0x0000000f pushad 0x00000010 push esi 0x00000011 pop eax 0x00000012 mov dx, D2CCh 0x00000016 popad 0x00000017 push ecx 0x00000018 pushad 0x00000019 movzx esi, bx 0x0000001c pushfd 0x0000001d jmp 00007F18C0B916F3h 0x00000022 or ecx, 12C4E97Eh 0x00000028 jmp 00007F18C0B916F9h 0x0000002d popfd 0x0000002e popad 0x0000002f mov dword ptr [esp], ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 movsx ebx, cx 0x00000038 mov al, C1h 0x0000003a popad 0x0000003b rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910BFE second address: 4910C04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C04 second address: 4910C72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d movzx esi, bx 0x00000010 pushfd 0x00000011 jmp 00007F18C0B916F3h 0x00000016 and cl, FFFFFF9Eh 0x00000019 jmp 00007F18C0B916F9h 0x0000001e popfd 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007F18C0B916F1h 0x00000026 xchg eax, esi 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C72 second address: 4910C76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C76 second address: 4910C7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C7C second address: 4910C82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C82 second address: 4910C86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C86 second address: 4910C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub ebx, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C96 second address: 4910C9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910C9A second address: 4910CA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910CA0 second address: 4910CC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F18C0B916EDh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910CC1 second address: 4910CC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4910CC7 second address: 4910CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49000AC second address: 49000B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49000B2 second address: 49000DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, al 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebx, eax 0x0000000c jmp 00007F18C0B916F5h 0x00000011 mov esi, edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49000DB second address: 49000E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49000E1 second address: 49000E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49000E7 second address: 49000EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49000EB second address: 490015D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [ebp-1Ch], esi 0x0000000b jmp 00007F18C0B916F8h 0x00000010 mov ecx, ebx 0x00000012 jmp 00007F18C0B916F0h 0x00000017 or ecx, esi 0x00000019 pushad 0x0000001a mov al, 0Dh 0x0000001c popad 0x0000001d je 00007F1932535301h 0x00000023 jmp 00007F18C0B916F4h 0x00000028 and dword ptr [ebp-04h], 00000000h 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F18C0B916F7h 0x00000033 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 490015D second address: 49001CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E93069h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, dword ptr [ebp+10h] 0x0000000c jmp 00007F18C0E9305Eh 0x00000011 test edi, edi 0x00000013 pushad 0x00000014 call 00007F18C0E9305Eh 0x00000019 call 00007F18C0E93062h 0x0000001e pop eax 0x0000001f pop ebx 0x00000020 popad 0x00000021 je 00007F1932836BCBh 0x00000027 pushad 0x00000028 mov dx, 7FCEh 0x0000002c mov bl, CAh 0x0000002e popad 0x0000002f mov ecx, dword ptr [ebx+00000080h] 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 mov si, dx 0x0000003b mov ecx, edi 0x0000003d popad 0x0000003e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49001CE second address: 49001EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebx+00000084h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49001EE second address: 49001F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49001F2 second address: 490020F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 490020F second address: 4900215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4900215 second address: 4900236 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49002EC second address: 4900353 instructions: 0x00000000 rdtsc 0x00000002 call 00007F18C0E9305Ch 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e mov ax, AF73h 0x00000012 push esi 0x00000013 pop edi 0x00000014 popad 0x00000015 mov esi, 386599EBh 0x0000001a popad 0x0000001b xchg eax, ebp 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007F18C0E9305Ch 0x00000023 sub si, 1E78h 0x00000028 jmp 00007F18C0E9305Bh 0x0000002d popfd 0x0000002e mov ecx, 597361AFh 0x00000033 popad 0x00000034 mov ebp, esp 0x00000036 pushad 0x00000037 push esi 0x00000038 mov bx, 44F2h 0x0000003c pop ebx 0x0000003d mov ch, 14h 0x0000003f popad 0x00000040 mov ecx, dword ptr [ebp+08h] 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F18C0E9305Eh 0x0000004a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4900353 second address: 4900359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4900359 second address: 490035D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 490035D second address: 490036E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov cl, bh 0x0000000e mov edi, esi 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49003BE second address: 4900414 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, eax 0x0000000b jmp 00007F18C0E93066h 0x00000010 mov ecx, esi 0x00000012 jmp 00007F18C0E93060h 0x00000017 or ecx, edx 0x00000019 jmp 00007F18C0E93060h 0x0000001e je 00007F193284716Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4900414 second address: 490041C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov si, dx 0x00000007 popad 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 490041C second address: 4900469 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E93064h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+00000088h] 0x0000000f jmp 00007F18C0E93060h 0x00000014 or eax, dword ptr [esi+0000008Ch] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F18C0E93067h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 492006E second address: 4920073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920073 second address: 4920081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F18C0E9305Ah 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920081 second address: 4920085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920085 second address: 49200D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebp+14h] 0x0000000b jmp 00007F18C0E93067h 0x00000010 mov eax, edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F18C0E9305Bh 0x0000001b jmp 00007F18C0E93063h 0x00000020 popfd 0x00000021 mov ax, 3E3Fh 0x00000025 popad 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49200D1 second address: 4920106 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F18C0B916EBh 0x00000008 mov ch, 35h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d or eax, ecx 0x0000000f jmp 00007F18C0B916EBh 0x00000014 xchg eax, esi 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F18C0B916F0h 0x0000001e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920106 second address: 4920115 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920115 second address: 4920180 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F18C0B916F7h 0x00000010 movzx ecx, bx 0x00000013 popad 0x00000014 xchg eax, esi 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F18C0B916F1h 0x0000001c adc cx, 6CB6h 0x00000021 jmp 00007F18C0B916F1h 0x00000026 popfd 0x00000027 push eax 0x00000028 push edx 0x00000029 mov cx, D2FDh 0x0000002d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920180 second address: 49201CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov esi, FFFE0000h 0x0000000f pushad 0x00000010 call 00007F18C0E9305Eh 0x00000015 pushfd 0x00000016 jmp 00007F18C0E93062h 0x0000001b sbb esi, 0A069238h 0x00000021 jmp 00007F18C0E9305Bh 0x00000026 popfd 0x00000027 pop esi 0x00000028 push eax 0x00000029 push edx 0x0000002a movsx ebx, si 0x0000002d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49201CE second address: 49201DC instructions: 0x00000000 rdtsc 0x00000002 mov ebx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49201DC second address: 49201E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49201E0 second address: 49201EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49201EF second address: 4920235 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E93069h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F18C0E93061h 0x0000000f xchg eax, edi 0x00000010 jmp 00007F18C0E9305Eh 0x00000015 test esi, eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920235 second address: 492023B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 492023B second address: 492025F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ax 0x00000006 mov cx, F75Dh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jne 00007F193283E7EFh 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F18C0E9305Fh 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 492025F second address: 49202E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0B916F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr fs:[00000018h] 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F18C0B916ECh 0x00000017 sub ax, 7548h 0x0000001c jmp 00007F18C0B916EBh 0x00000021 popfd 0x00000022 pushfd 0x00000023 jmp 00007F18C0B916F8h 0x00000028 add ah, FFFFFFA8h 0x0000002b jmp 00007F18C0B916EBh 0x00000030 popfd 0x00000031 popad 0x00000032 mov eax, dword ptr [esi+00000FDCh] 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F18C0B916F0h 0x00000041 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49202E5 second address: 49202F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F18C0E9305Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49202F4 second address: 49202FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49202FA second address: 49202FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 49202FE second address: 4920343 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a pushad 0x0000000b mov dx, E350h 0x0000000f mov di, E47Ch 0x00000013 popad 0x00000014 jns 00007F18C0B91705h 0x0000001a pushad 0x0000001b mov bh, 47h 0x0000001d mov esi, 4C5326B9h 0x00000022 popad 0x00000023 add esi, eax 0x00000025 jmp 00007F18C0B916F4h 0x0000002a mov eax, dword ptr [esi+000008B0h] 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920343 second address: 4920347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 4920347 second address: 492034B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exeRDTSC instruction interceptor: First address: 492034B second address: 4920351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\cubrodriver.exe Special instruction interceptor: First address: 40BAAA instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\cubrodriver.exe Special instruction interceptor: First address: 5B184B instructions caused by: Self-modifying code
          Source: C:\ProgramData\tjjsd\xrilthp.exe Special instruction interceptor: First address: 40BAAA instructions caused by: Self-modifying code
          Source: C:\ProgramData\tjjsd\xrilthp.exe Special instruction interceptor: First address: 5B184B instructions caused by: Self-modifying code
          Source: C:\ProgramData\tjjsd\xrilthp.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
          Source: C:\ProgramData\tjjsd\xrilthp.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
          Source: C:\ProgramData\tjjsd\xrilthp.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
          Source: C:\Users\user\Desktop\cubrodriver.exe Code function: 0_2_049208A9 rdtsc 0_2_049208A9
          Source: C:\ProgramData\tjjsd\xrilthp.exe Window / User API: threadDelayed 7701
          Source: C:\Users\user\Desktop\cubrodriver.exe TID: 8444 Thread sleep count: 193 > 30
          Source: C:\Users\user\Desktop\cubrodriver.exe TID: 8444 Thread sleep count: 183 > 30
          Source: C:\Users\user\Desktop\cubrodriver.exe TID: 8444 Thread sleep count: 182 > 30
          Source: C:\Users\user\Desktop\cubrodriver.exe TID: 8444 Thread sleep count: 232 > 30
          Source: C:\Users\user\Desktop\cubrodriver.exe TID: 8444 Thread sleep count: 91 > 30
          Source: C:\Users\user\Desktop\cubrodriver.exe TID: 8444 Thread sleep time: -60000s >= -30000s
          Source: C:\ProgramData\tjjsd\xrilthp.exe TID: 8644 Thread sleep time: -116058s >= -30000s
          Source: C:\ProgramData\tjjsd\xrilthp.exe TID: 8616 Thread sleep time: -222111s >= -30000s
          Source: C:\ProgramData\tjjsd\xrilthp.exe TID: 8604 Thread sleep time: -60000s >= -30000s
          Source: C:\ProgramData\tjjsd\xrilthp.exe TID: 8620 Thread sleep time: -216108s >= -30000s
          Source: C:\ProgramData\tjjsd\xrilthp.exe TID: 8628 Thread sleep time: -206103s >= -30000s
          Source: C:\ProgramData\tjjsd\xrilthp.exe TID: 8636 Thread sleep time: -15409701s >= -30000s
          Source: C:\ProgramData\tjjsd\xrilthp.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\cubrodriver.exe Thread delayed: delay time: 60000
          Source: C:\ProgramData\tjjsd\xrilthp.exe Thread delayed: delay time: 60000
          Source: cubrodriver.exe, cubrodriver.exe, 00000000.00000002.1337695726.000000000058F000.00000040.00000001.01000000.00000003.sdmp, xrilthp.exe, xrilthp.exe, 00000001.00000002.3763730433.000000000058F000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
          Source: cubrodriver.exe, 00000000.00000002.1337695726.000000000058F000.00000040.00000001.01000000.00000003.sdmp, xrilthp.exe, 00000001.00000002.3763730433.000000000058F000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
          Source: xrilthp.exe, 00000001.00000002.3764152623.00000000008A2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\cubrodriver.exe System information queried: ModuleInformation
          Source: C:\Users\user\Desktop\cubrodriver.exe Process information queried: ProcessInformation

          Anti Debugging

          Source: C:\Users\user\Desktop\cubrodriver.exe Thread information set: HideFromDebugger
          Source: C:\ProgramData\tjjsd\xrilthp.exe Thread information set: HideFromDebugger
          Source: C:\ProgramData\tjjsd\xrilthp.exe Code function: 1_2_04920127 Start: 049202F8 End: 049201CA 1_2_04920127
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: regmonclass
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: gbdyllo
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: procmon_window_class
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: ollydbg
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: filemonclass
          Source: C:\ProgramData\tjjsd\xrilthp.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\tjjsd\xrilthp.exe File opened: NTICE
          Source: C:\ProgramData\tjjsd\xrilthp.exe File opened: SICE
          Source: C:\ProgramData\tjjsd\xrilthp.exe File opened: SIWVID
          Source: C:\Users\user\Desktop\cubrodriver.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\cubrodriver.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\cubrodriver.exe Process queried: DebugPort
          Source: C:\ProgramData\tjjsd\xrilthp.exe Process queried: DebugPort
          Source: C:\ProgramData\tjjsd\xrilthp.exe Process queried: DebugPort
          Source: C:\ProgramData\tjjsd\xrilthp.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\cubrodriver.exe Code function: 0_2_049208A9 rdtsc 0_2_049208A9
          Source: cubrodriver.exe, cubrodriver.exe, 00000000.00000002.1337695726.000000000058F000.00000040.00000001.01000000.00000003.sdmp, xrilthp.exe, xrilthp.exe, 00000001.00000002.3763730433.000000000058F000.00000040.00000001.01000000.00000006.sdmp Binary or memory string: z}Program Manager

          Stealing of Sensitive Information

          Source: Yara match File source: 00000000.00000003.1324139236.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000003.1365940162.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: cubrodriver.exe PID: 8440, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: xrilthp.exe PID: 8600, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match File source: 00000000.00000003.1324139236.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000003.1365940162.0000000004774000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: cubrodriver.exe PID: 8440, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: xrilthp.exe PID: 8600, type: MEMORYSTR

          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 2 Process Injection | 1 Masquerading | OS Credential Dumping | 741 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 241 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 2 Process Injection | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
