Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000002.1326426749.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325634671.0000000001325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000002.1326426749.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000002.1326426749.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325634671.0000000001325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.1309288034.000000000132F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.000000000132F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bathdoomgaz.store:443/api |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=english |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english |
Source: file.exe, 00000000.00000002.1326426749.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v= |
Source: file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am |
Source: file.exe, 00000000.00000003.1309288034.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l= |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf |
Source: file.exe, 00000000.00000003.1309785394.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000003.1309288034.000000000132F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.000000000132F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://spirittunek.store:443/api |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.c |
Source: file.exe, 00000000.00000003.1309288034.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001341000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000002.1325894274.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/k |
Source: file.exe, 00000000.00000002.1326426749.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000002.1325894274.0000000001341000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001341000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000002.1325894274.0000000001351000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001351000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900h |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.1309288034.000000000132F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.000000000132F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd883ccb3237fa39 |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000002.1326426749.00000000013C3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1309288034.000000000132F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.000000000132F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://studennotediw.store:443/apiZ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1309288034.0000000001329000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309785394.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1325894274.00000000013B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1309263874.00000000013B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.1309288034.0000000001372000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1162B8E second address: 1162B9E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jp 00007FEEC4B9D8D6h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1162B9E second address: 1162BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1162BA2 second address: 1162BA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11501EA second address: 11501F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11501F0 second address: 11501F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11501F5 second address: 11501FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11501FB second address: 11501FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1161C2F second address: 1161C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FEEC4B78781h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1161C48 second address: 1161C52 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEEC4B9D8DEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165DCE second address: 1165DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165DD2 second address: 1165E17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FEEC4B9D8DAh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 jmp 00007FEEC4B9D8E0h 0x00000019 push edi 0x0000001a jno 00007FEEC4B9D8D6h 0x00000020 pop edi 0x00000021 popad 0x00000022 mov eax, dword ptr [eax] 0x00000024 push ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165E17 second address: 1165E35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B7877Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jnp 00007FEEC4B78776h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165E35 second address: 1165E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165EF3 second address: 1165EF9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165EF9 second address: 1165EFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165EFF second address: 1165F67 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 572916FEh 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007FEEC4B78778h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d jmp 00007FEEC4B78789h 0x00000032 lea ebx, dword ptr [ebp+12455CFCh] 0x00000038 xor dword ptr [ebp+122D1D1Dh], esi 0x0000003e push eax 0x0000003f push esi 0x00000040 pushad 0x00000041 jmp 00007FEEC4B7877Ch 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1165FEF second address: 116600E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B9D8DFh 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c jbe 00007FEEC4B9D8F0h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1166128 second address: 1166175 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pop eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FEEC4B78778h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov ecx, eax 0x00000028 lea ebx, dword ptr [ebp+12455D05h] 0x0000002e stc 0x0000002f xchg eax, ebx 0x00000030 jg 00007FEEC4B78784h 0x00000036 push eax 0x00000037 push edi 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1166175 second address: 1166179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 116621B second address: 11662A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 add dword ptr [esp], 6207D805h 0x0000000d mov ecx, dword ptr [ebp+122D2CDFh] 0x00000013 push 00000003h 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007FEEC4B78778h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f jmp 00007FEEC4B78789h 0x00000034 push 00000000h 0x00000036 sbb ecx, 3C88898Bh 0x0000003c push 00000003h 0x0000003e push 00000000h 0x00000040 push esi 0x00000041 call 00007FEEC4B78778h 0x00000046 pop esi 0x00000047 mov dword ptr [esp+04h], esi 0x0000004b add dword ptr [esp+04h], 0000001Ch 0x00000053 inc esi 0x00000054 push esi 0x00000055 ret 0x00000056 pop esi 0x00000057 ret 0x00000058 mov dx, cx 0x0000005b push A21D3D2Dh 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11662A7 second address: 11662AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11662AB second address: 11662B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 115C1D3 second address: 115C1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1182A89 second address: 1182A9B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FEEC4B78776h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1182A9B second address: 1182AAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FEEC4B9D8DAh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11831B0 second address: 11831CB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007FEEC4B78776h 0x00000009 pop edx 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007FEEC4B78776h 0x00000013 pop eax 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11831CB second address: 11831F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B9D8DCh 0x00000009 jno 00007FEEC4B9D8D6h 0x0000000f popad 0x00000010 jmp 00007FEEC4B9D8E5h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11831F7 second address: 11831FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1183339 second address: 118335E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007FEEC4B9D8D6h 0x00000009 jmp 00007FEEC4B9D8E8h 0x0000000e popad 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11834FD second address: 1183523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B78781h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jg 00007FEEC4B78782h 0x00000012 jp 00007FEEC4B78776h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 118364A second address: 118364E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1183AA0 second address: 1183AD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B78785h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007FEEC4B7877Eh 0x00000012 jmp 00007FEEC4B7877Bh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1151D55 second address: 1151D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1151D59 second address: 1151D65 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1151D65 second address: 1151D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FEEC4B9D8D6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11843E1 second address: 11843F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007FEEC4B78778h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11843F4 second address: 118440D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FEEC4B9D8E3h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1184895 second address: 11848A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FEEC4B78776h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11848A1 second address: 11848AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FEEC4B9D8D8h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1188BE2 second address: 1188BEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1188BEB second address: 1188BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1189348 second address: 118934C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11900C0 second address: 11900C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1190230 second address: 119024D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B78784h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119024D second address: 1190251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11913AC second address: 11913E2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FEEC4B78781h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007FEEC4B78784h 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11913E2 second address: 11913E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11913E9 second address: 119144C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007FEEC4B78776h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jmp 00007FEEC4B78786h 0x00000015 pop eax 0x00000016 call 00007FEEC4B78786h 0x0000001b mov si, 3081h 0x0000001f pop edi 0x00000020 push A3F5A551h 0x00000025 jo 00007FEEC4B78796h 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FEEC4B78784h 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1191774 second address: 1191779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1191779 second address: 119177F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119177F second address: 1191783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1191AC5 second address: 1191AC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1191AC9 second address: 1191AD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1191AD3 second address: 1191AF0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b jmp 00007FEEC4B78781h 0x00000010 pop esi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1192053 second address: 1192058 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1192058 second address: 119205E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1192268 second address: 119226C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119226C second address: 1192276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1192276 second address: 119227A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119227A second address: 1192287 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1192287 second address: 119228B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119239D second address: 11923A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11923A1 second address: 11923A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11923A7 second address: 11923AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11923AD second address: 11923B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1192485 second address: 119248B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1192718 second address: 119271D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11947E9 second address: 11947ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1193F3E second address: 1193F42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1193F42 second address: 1193F4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1193F4B second address: 1193F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1194F9E second address: 1194FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1195CE9 second address: 1195CFC instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEEC4B9D8D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop esi 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1195CFC second address: 1195D02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197402 second address: 1197422 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197422 second address: 1197426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197426 second address: 11974B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D1CA6h], edx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FEEC4B9D8D8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 0000001Bh 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d call 00007FEEC4B9D8E4h 0x00000032 push edi 0x00000033 push edx 0x00000034 pop esi 0x00000035 pop edi 0x00000036 pop edi 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007FEEC4B9D8D8h 0x00000041 pop edx 0x00000042 mov dword ptr [esp+04h], edx 0x00000046 add dword ptr [esp+04h], 00000018h 0x0000004e inc edx 0x0000004f push edx 0x00000050 ret 0x00000051 pop edx 0x00000052 ret 0x00000053 mov edi, ebx 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 jno 00007FEEC4B9D8D8h 0x0000005e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11974B7 second address: 11974BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197EC6 second address: 1197ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197ECA second address: 1197EE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FEEC4B78776h 0x00000009 jnl 00007FEEC4B78776h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197F70 second address: 1197F74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197F74 second address: 1197F78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1197F78 second address: 1197F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11495DE second address: 11495E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119FD69 second address: 119FDD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 jnp 00007FEEC4B9D8E9h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FEEC4B9D8D8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b movsx ebx, si 0x0000002e stc 0x0000002f push 00000000h 0x00000031 stc 0x00000032 xchg eax, esi 0x00000033 push edx 0x00000034 jl 00007FEEC4B9D8E5h 0x0000003a jmp 00007FEEC4B9D8DFh 0x0000003f pop edx 0x00000040 push eax 0x00000041 pushad 0x00000042 jng 00007FEEC4B9D8DCh 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119F07F second address: 119F083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119F083 second address: 119F089 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A0CB2 second address: 11A0D35 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FEEC4B7877Bh 0x00000011 jmp 00007FEEC4B7877Fh 0x00000016 popad 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FEEC4B78778h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 push 00000000h 0x00000034 jnc 00007FEEC4B7877Bh 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D2BFFh] 0x00000042 xchg eax, esi 0x00000043 jmp 00007FEEC4B7877Ah 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FEEC4B78784h 0x00000052 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A0D35 second address: 11A0D3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A1E0A second address: 11A1E0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A2B4F second address: 11A2B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A2B53 second address: 11A2B5F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A2CB7 second address: 11A2CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEEC4B9D8E0h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A2CCE second address: 11A2CED instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEEC4B78781h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A3DD6 second address: 11A3DE0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A4A70 second address: 11A4AC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 jno 00007FEEC4B78782h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FEEC4B78778h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 pushad 0x00000029 sub ecx, dword ptr [ebp+122D242Dh] 0x0000002f push edi 0x00000030 xor ecx, dword ptr [ebp+122D39AEh] 0x00000036 pop ebx 0x00000037 popad 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c xor bl, 00000008h 0x0000003f push eax 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 push edx 0x00000044 pop edx 0x00000045 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A6A44 second address: 11A6A6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007FEEC4B9D8DAh 0x0000000e push edx 0x0000000f pop edx 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 jnc 00007FEEC4B9D8D8h 0x00000019 jo 00007FEEC4B9D8E2h 0x0000001f js 00007FEEC4B9D8D6h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A7006 second address: 11A7043 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FEEC4B7877Dh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007FEEC4B78781h 0x00000013 add ebx, 15387330h 0x00000019 push 00000000h 0x0000001b mov di, 9C6Bh 0x0000001f push 00000000h 0x00000021 mov bl, B6h 0x00000023 xchg eax, esi 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A7043 second address: 11A7047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A7047 second address: 11A706C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEEC4B78787h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A7FEB second address: 11A7FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FEEC4B9D8D6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A7FF6 second address: 11A800E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEEC4B78783h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A9214 second address: 11A921E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A921E second address: 11A9224 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A9224 second address: 11A9228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AA0F7 second address: 11AA123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov dword ptr [esp], eax 0x00000008 xor dword ptr [ebp+122D1FA3h], edx 0x0000000e mov bx, 4635h 0x00000012 push 00000000h 0x00000014 pushad 0x00000015 mov bx, dx 0x00000018 mov ecx, 33ED5AF4h 0x0000001d popad 0x0000001e push 00000000h 0x00000020 movzx edi, si 0x00000023 xchg eax, esi 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushad 0x00000028 popad 0x00000029 push esi 0x0000002a pop esi 0x0000002b popad 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AA123 second address: 11AA138 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEEC4B9D8D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AC6CF second address: 11AC745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEEC4B7877Ch 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e jng 00007FEEC4B78776h 0x00000014 pop ebx 0x00000015 pushad 0x00000016 jnp 00007FEEC4B78776h 0x0000001c jmp 00007FEEC4B78787h 0x00000021 popad 0x00000022 popad 0x00000023 nop 0x00000024 adc bx, 1081h 0x00000029 push 00000000h 0x0000002b sbb bx, 7395h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007FEEC4B78778h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 00000016h 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c mov dword ptr [ebp+122D3810h], esi 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AC745 second address: 11AC749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AC749 second address: 11AC74D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AC74D second address: 11AC753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A819E second address: 11A81A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A81A4 second address: 11A81A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11A81A8 second address: 11A81AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AFA46 second address: 11AFA4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AFA4A second address: 11AFA50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AFA50 second address: 11AFA56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B09E3 second address: 11B09F0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B09F0 second address: 11B09F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AFD11 second address: 11AFD15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11AFD15 second address: 11AFD22 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B0BD0 second address: 11B0BD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B0BD4 second address: 11B0BE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B0BE1 second address: 11B0BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B0BE8 second address: 11B0C8D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEEC4B9D8DCh 0x00000008 jc 00007FEEC4B9D8D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov dword ptr [ebp+122D1C1Fh], eax 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push ebx 0x00000021 call 00007FEEC4B9D8D8h 0x00000026 pop ebx 0x00000027 mov dword ptr [esp+04h], ebx 0x0000002b add dword ptr [esp+04h], 0000001Bh 0x00000033 inc ebx 0x00000034 push ebx 0x00000035 ret 0x00000036 pop ebx 0x00000037 ret 0x00000038 sub dword ptr [ebp+12471685h], edx 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 pushad 0x00000046 mov edi, ebx 0x00000048 popad 0x00000049 push eax 0x0000004a pop edi 0x0000004b mov eax, dword ptr [ebp+122D0789h] 0x00000051 mov bl, 4Dh 0x00000053 mov edi, 2EDC8549h 0x00000058 push FFFFFFFFh 0x0000005a xor dword ptr [ebp+122D2782h], esi 0x00000060 nop 0x00000061 jne 00007FEEC4B9D8F3h 0x00000067 push eax 0x00000068 pushad 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007FEEC4B9D8E4h 0x00000070 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B0C8D second address: 11B0C91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 114CC27 second address: 114CC2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B6D9C second address: 11B6DBA instructions: 0x00000000 rdtsc 0x00000002 jl 00007FEEC4B78776h 0x00000008 jmp 00007FEEC4B78784h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11B6DBA second address: 11B6DEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E6h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FEEC4B9D8E4h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11BEEC1 second address: 11BEECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11BEECE second address: 11BEF09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FEEC4B9D8DEh 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 pushad 0x00000016 jmp 00007FEEC4B9D8E1h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11BF06A second address: 11BF094 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B7877Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 popad 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11BF094 second address: 11BF0AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnc 00007FEEC4B9D8D6h 0x00000011 jp 00007FEEC4B9D8D6h 0x00000017 popad 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C443A second address: 11C4450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B78782h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C4450 second address: 11C4477 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FEEC4B9D8EDh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C4477 second address: 11C447D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C447D second address: 11C4493 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 jo 00007FEEC4B9D8D6h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C4493 second address: 11C4497 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C4497 second address: 11C44D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FEEC4B9D8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FEEC4B9D8EBh 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FEEC4B9D8E8h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C44D8 second address: 11C44F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B7877Eh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3AD5 second address: 11C3ADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3ADB second address: 11C3ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3ADF second address: 11C3AF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FEEC4B9D8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3AF2 second address: 11C3B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B78780h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3B06 second address: 11C3B45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8DEh 0x00000007 jmp 00007FEEC4B9D8E9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007FEEC4B9D8D6h 0x00000016 jmp 00007FEEC4B9D8DCh 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3F37 second address: 11C3F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FEEC4B78776h 0x0000000a pop esi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3F42 second address: 11C3F4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C3F4A second address: 11C3F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C7F76 second address: 11C7F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jc 00007FEEC4B9D8D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C815E second address: 11C8166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C86D1 second address: 11C86D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8C30 second address: 11C8C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FEEC4B78776h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FEEC4B78776h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8C43 second address: 11C8C54 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEEC4B9D8D6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push esi 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8DC8 second address: 11C8DCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8DCD second address: 11C8DD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8DD6 second address: 11C8DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FEEC4B78776h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C8DE3 second address: 11C8DE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C9325 second address: 11C934E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B78782h 0x00000009 jmp 00007FEEC4B78783h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C934E second address: 11C9353 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C9353 second address: 11C935E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C7C71 second address: 11C7C8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jp 00007FEEC4B9D8DEh 0x0000000e push ebx 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C7C8C second address: 11C7CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEEC4B7877Fh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11C7CA4 second address: 11C7CB1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CE622 second address: 11CE626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1147B1C second address: 1147B22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1147B22 second address: 1147B3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B78780h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1199108 second address: 1199194 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FEEC4B9D8D8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D1D85h], eax 0x0000002a lea eax, dword ptr [ebp+12488EA4h] 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007FEEC4B9D8D8h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 0000001Bh 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a call 00007FEEC4B9D8DCh 0x0000004f mov cl, bl 0x00000051 pop edi 0x00000052 sub di, 3774h 0x00000057 pushad 0x00000058 adc edx, 14E26087h 0x0000005e stc 0x0000005f popad 0x00000060 push eax 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1199194 second address: 1199198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11992C2 second address: 11992CC instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1199868 second address: 119986E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11999F5 second address: 1199A18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEEC4B9D8DCh 0x00000008 jng 00007FEEC4B9D8D6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], esi 0x00000014 cmc 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 push eax 0x0000001a pop eax 0x0000001b pop ecx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1199CB1 second address: 1199CBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FEEC4B78776h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1199CBB second address: 1199D36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FEEC4B9D8D8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov di, 30D8h 0x00000029 mov dword ptr [ebp+12470C5Bh], ecx 0x0000002f push 00000004h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007FEEC4B9D8D8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000015h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b mov edx, ecx 0x0000004d nop 0x0000004e jnp 00007FEEC4B9D8EBh 0x00000054 push eax 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 popad 0x0000005a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119A0E9 second address: 119A102 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B78781h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119A102 second address: 119A106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119A106 second address: 119A136 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c and dx, 88C7h 0x00000011 push 0000001Eh 0x00000013 pushad 0x00000014 mov dword ptr [ebp+122D1D08h], esi 0x0000001a mov eax, 5601C07Ah 0x0000001f popad 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 jmp 00007FEEC4B7877Bh 0x00000029 pop eax 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119A55D second address: 119A5DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov cx, dx 0x0000000c lea eax, dword ptr [ebp+12488EE8h] 0x00000012 call 00007FEEC4B9D8E0h 0x00000017 sub ecx, dword ptr [ebp+122D1FEBh] 0x0000001d pop edx 0x0000001e nop 0x0000001f jmp 00007FEEC4B9D8E3h 0x00000024 push eax 0x00000025 push esi 0x00000026 push ecx 0x00000027 jmp 00007FEEC4B9D8E4h 0x0000002c pop ecx 0x0000002d pop esi 0x0000002e nop 0x0000002f mov edx, dword ptr [ebp+122D36F1h] 0x00000035 lea eax, dword ptr [ebp+12488EA4h] 0x0000003b mov edi, eax 0x0000003d push eax 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007FEEC4B9D8E9h 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 119A5DF second address: 119A60D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B78784h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEEC4B78784h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CD7D2 second address: 11CD7F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FEEC4B9D8E8h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CD7F6 second address: 11CD7FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CD7FB second address: 11CD800 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CDD52 second address: 11CDD56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CDD56 second address: 11CDD60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FEEC4B9D8D6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CE1F5 second address: 11CE223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 js 00007FEEC4B78788h 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007FEEC4B78780h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FEEC4B7877Fh 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11CE223 second address: 11CE227 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D1639 second address: 11D1661 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FEEC4B78785h 0x00000012 pop esi 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D70D0 second address: 11D70D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D70D4 second address: 11D70DA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D70DA second address: 11D70E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D5E0B second address: 11D5E15 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEEC4B7877Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D5F74 second address: 11D5F78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D60C3 second address: 11D60C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D60C7 second address: 11D60DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D60DF second address: 11D60ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FEEC4B78778h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D5AD6 second address: 11D5B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B9D8E6h 0x00000009 popad 0x0000000a jo 00007FEEC4B9D8DAh 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 jne 00007FEEC4B9D910h 0x0000001a pushad 0x0000001b jmp 00007FEEC4B9D8E9h 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D697A second address: 11D697E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D6B20 second address: 11D6B2E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11D6B2E second address: 11D6B52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FEEC4B78776h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FEEC4B78784h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DBF42 second address: 11DBF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DBF4D second address: 11DBF53 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DBF53 second address: 11DBF5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007FEEC4B9D8D6h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DBF5F second address: 11DBF63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DBF63 second address: 11DBFCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FEEC4B9D8E9h 0x0000000c jp 00007FEEC4B9D8D6h 0x00000012 jmp 00007FEEC4B9D8E4h 0x00000017 jmp 00007FEEC4B9D8E5h 0x0000001c popad 0x0000001d pop edx 0x0000001e pop eax 0x0000001f pushad 0x00000020 jmp 00007FEEC4B9D8DEh 0x00000025 pushad 0x00000026 jg 00007FEEC4B9D8D6h 0x0000002c push edx 0x0000002d pop edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DBFCF second address: 11DBFD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DC404 second address: 11DC41A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007FEEC4B9D8E0h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DDE85 second address: 11DDE89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DFDC5 second address: 11DFDD7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEEC4B9D8D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007FEEC4B9D8D8h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DFDD7 second address: 11DFDDC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11DFDDC second address: 11DFDEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jng 00007FEEC4B9D8D6h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11E4220 second address: 11E4226 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11E4226 second address: 11E422A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 115DBC2 second address: 115DBC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11E8906 second address: 11E894B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jo 00007FEEC4B9D8E8h 0x0000000f jmp 00007FEEC4B9D8E2h 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007FEEC4B9D8E4h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FEEC4B9D8DAh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11E894B second address: 11E894F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11E8A95 second address: 11E8AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B9D8E9h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1199EED second address: 1199F5A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEEC4B78778h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007FEEC4B78778h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov edx, eax 0x0000002b mov ebx, dword ptr [ebp+12488EE3h] 0x00000031 or dword ptr [ebp+122D28A5h], esi 0x00000037 mov dx, 92D0h 0x0000003b add eax, ebx 0x0000003d mov edi, 426F720Dh 0x00000042 nop 0x00000043 jmp 00007FEEC4B7877Bh 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007FEEC4B78782h 0x00000050 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11E8D6C second address: 11E8D98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FEEC4B9D8E7h 0x0000000c jnc 00007FEEC4B9D8D6h 0x00000012 jbe 00007FEEC4B9D8D6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11ED656 second address: 11ED670 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B78783h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 114B149 second address: 114B14E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11ECA98 second address: 11ECAAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007FEEC4B7877Ch 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11ECAAD second address: 11ECAB2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11ECEC5 second address: 11ECEC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11ED03C second address: 11ED044 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F31DE second address: 11F31EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F31EE second address: 11F31F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F429A second address: 11F429F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F429F second address: 11F42B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FEEC4B9D8DBh 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F455B second address: 11F455F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F455F second address: 11F4571 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007FEEC4B9D8D6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F4571 second address: 11F4577 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F4577 second address: 11F4581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F482E second address: 11F489F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007FEEC4B78776h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FEEC4B78781h 0x00000015 jns 00007FEEC4B78776h 0x0000001b jmp 00007FEEC4B7877Eh 0x00000020 push esi 0x00000021 pop esi 0x00000022 popad 0x00000023 jmp 00007FEEC4B78782h 0x00000028 popad 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FEEC4B78782h 0x00000030 jmp 00007FEEC4B78782h 0x00000035 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11F489F second address: 11F48A4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDF7D second address: 11FDF85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDF85 second address: 11FDFA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FEEC4B9D8E7h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDFA3 second address: 11FDFB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B7877Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD222 second address: 11FD226 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD226 second address: 11FD22F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD22F second address: 11FD235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD4FF second address: 11FD505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD505 second address: 11FD50F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FEEC4B9D8D6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD50F second address: 11FD519 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD519 second address: 11FD51D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD51D second address: 11FD521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD65E second address: 11FD692 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEEC4B9D8E3h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEEC4B9D8E9h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD692 second address: 11FD6B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B7877Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e ja 00007FEEC4B78778h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 jbe 00007FEEC4B78776h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD7EC second address: 11FD7FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007FEEC4B9D8D6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD7FA second address: 11FD80F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B7877Eh 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD965 second address: 11FD96B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD96B second address: 11FD96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD96F second address: 11FD97C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FD97C second address: 11FD98B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B7877Bh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDC05 second address: 11FDC18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FEEC4B9D8D6h 0x0000000a pop edx 0x0000000b jns 00007FEEC4B9D8D8h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDC18 second address: 11FDC22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEEC4B78776h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDC22 second address: 11FDC33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8DDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDC33 second address: 11FDC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDC3D second address: 11FDC41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11FDC41 second address: 11FDC89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c jmp 00007FEEC4B78789h 0x00000011 jng 00007FEEC4B78776h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FEEC4B78784h 0x0000001f jbe 00007FEEC4B78776h 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1204BA6 second address: 1204BAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1204E00 second address: 1204E04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1204E04 second address: 1204E4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEEC4B9D8E3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c pushad 0x0000000d jc 00007FEEC4B9D8D8h 0x00000013 push esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FEEC4B9D8DEh 0x0000001c jmp 00007FEEC4B9D8E3h 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1204FDC second address: 1204FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1205239 second address: 1205242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1205242 second address: 1205248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 120542D second address: 1205435 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1205711 second address: 1205715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1205715 second address: 120572F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FEEC4B9D8DAh 0x0000000c pop eax 0x0000000d jne 00007FEEC4B9D909h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 12058B3 second address: 12058BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1205F89 second address: 1205F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1205F8F second address: 1205F93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121B29C second address: 121B2A1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121B2A1 second address: 121B2A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121B2A9 second address: 121B2B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121AFA2 second address: 121AFBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FEEC4B78776h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e jc 00007FEEC4B7877Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121DAB1 second address: 121DAB7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121D4D4 second address: 121D4F5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEEC4B78776h 0x00000008 jmp 00007FEEC4B7877Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121D4F5 second address: 121D4FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121D4FB second address: 121D510 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FEEC4B7877Dh 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121D69C second address: 121D6A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121D6A0 second address: 121D6A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 121D6A6 second address: 121D6B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jns 00007FEEC4B9D8D6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 122CC05 second address: 122CC1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 jo 00007FEEC4B787A1h 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FEEC4B78776h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 122FC22 second address: 122FC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 122FC26 second address: 122FC3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FEEC4B7877Eh 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 123485D second address: 1234863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1234C63 second address: 1234C68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1234C68 second address: 1234C92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jp 00007FEEC4B9D8D6h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jg 00007FEEC4B9D8D6h 0x00000020 jmp 00007FEEC4B9D8DAh 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1234DDB second address: 1234DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1234DE1 second address: 1234E10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FEEC4B9D902h 0x0000000f push eax 0x00000010 push esi 0x00000011 pop esi 0x00000012 je 00007FEEC4B9D8D6h 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1238243 second address: 1238247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1238247 second address: 123824D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 12383BE second address: 12383DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B78782h 0x00000007 jo 00007FEEC4B7877Eh 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 123AC5D second address: 123AC71 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007FEEC4B9D8D6h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jp 00007FEEC4B9D8D6h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 123AC71 second address: 123AC75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1245B73 second address: 1245BAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FEEC4B9D8D6h 0x00000009 jns 00007FEEC4B9D8D6h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 jmp 00007FEEC4B9D8E3h 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c jmp 00007FEEC4B9D8DDh 0x00000021 pushad 0x00000022 popad 0x00000023 pop ecx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1153A36 second address: 1153A44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FEEC4B78778h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1153A44 second address: 1153A54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FEEC4B9D8D6h 0x0000000a jnl 00007FEEC4B9D8D6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 124BE53 second address: 124BE63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FEEC4B78778h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 124BE63 second address: 124BE9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E9h 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FEEC4B9D8D6h 0x0000000f jmp 00007FEEC4B9D8E7h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 12754C0 second address: 12754DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B7877Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 12754DA second address: 12754DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1274415 second address: 1274434 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FEEC4B78785h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 12745F0 second address: 12745F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 12745F6 second address: 1274616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FEEC4B7878Bh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007FEEC4B78783h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1274616 second address: 1274622 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FEEC4B9D8D6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1274622 second address: 1274626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1274EBD second address: 1274ECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1274ECC second address: 1274EDE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jc 00007FEEC4B78776h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1275195 second address: 12751AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jp 00007FEEC4B9D8D6h 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 127800A second address: 127807C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 jp 00007FEEC4B78776h 0x0000000e pop ebx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007FEEC4B7877Bh 0x00000017 popad 0x00000018 popad 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FEEC4B78778h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 push 00000004h 0x00000036 jmp 00007FEEC4B78789h 0x0000003b call 00007FEEC4B78779h 0x00000040 push eax 0x00000041 push edx 0x00000042 js 00007FEEC4B7877Ch 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 127807C second address: 1278080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1278080 second address: 12780BC instructions: 0x00000000 rdtsc 0x00000002 je 00007FEEC4B7877Ch 0x00000008 jp 00007FEEC4B78776h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 jnl 00007FEEC4B78778h 0x00000018 pushad 0x00000019 jmp 00007FEEC4B7877Bh 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 popad 0x00000022 mov eax, dword ptr [esp+04h] 0x00000026 js 00007FEEC4B78784h 0x0000002c push eax 0x0000002d push edx 0x0000002e jne 00007FEEC4B78776h 0x00000034 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1278317 second address: 127832B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEEC4B9D8E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 127832B second address: 127836A instructions: 0x00000000 rdtsc 0x00000002 jg 00007FEEC4B7877Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d jmp 00007FEEC4B78787h 0x00000012 pop esi 0x00000013 pop edx 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f pop edx 0x00000020 mov eax, dword ptr [eax] 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 127836A second address: 127836E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1279512 second address: 1279518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1279518 second address: 1279524 instructions: 0x00000000 rdtsc 0x00000002 je 00007FEEC4B9D8D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1279524 second address: 127952A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 127AF5F second address: 127AFAA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FEEC4B9D8E6h 0x00000008 pop ecx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jl 00007FEEC4B9D8FBh 0x00000019 jmp 00007FEEC4B9D8E7h 0x0000001e jl 00007FEEC4B9D8DEh 0x00000024 push edx 0x00000025 pop edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 127AB16 second address: 127AB2C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEEC4B78776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FEEC4B7877Ch 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5440E1C second address: 5440EAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ecx, dword ptr [eax+00000FDCh] 0x00000010 jmp 00007FEEC4B9D8E7h 0x00000015 test ecx, ecx 0x00000017 jmp 00007FEEC4B9D8E6h 0x0000001c jns 00007FEEC4B9D915h 0x00000022 jmp 00007FEEC4B9D8E0h 0x00000027 add eax, ecx 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c pushfd 0x0000002d jmp 00007FEEC4B9D8E6h 0x00000032 add ecx, 11B52908h 0x00000038 jmp 00007FEEC4B9D8DBh 0x0000003d popfd 0x0000003e popad 0x0000003f mov eax, dword ptr [eax+00000860h] 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5440EAC second address: 5440EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5440EB0 second address: 5440EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5440EB4 second address: 5440EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5440EBA second address: 5440EC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5440EC0 second address: 5440ED8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEEC4B7877Ah 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5440ED8 second address: 5440EDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11943BF second address: 11943C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11943C3 second address: 11943D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FEEC4B9D8D8h 0x00000010 rdtsc |