Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00AC50FA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00A8D110 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00A8D110 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
0_2_00AC63B8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
0_2_00AC99D0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h |
0_2_00AC695B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_00A8FCA0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
0_2_00A90EEC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp ecx |
0_2_00AC6094 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
0_2_00A96F91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then dec ebx |
0_2_00ABF030 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov ecx, dword ptr [edx] |
0_2_00A81000 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
0_2_00AC4040 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_00AAD1E1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00A942FC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], dx |
0_2_00AA2260 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [esi], ax |
0_2_00AA2260 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_00AB23E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_00AB23E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_00AB23E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov byte ptr [edi], al |
0_2_00AB23E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_00AB23E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+14h] |
0_2_00AB23E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov ebp, eax |
0_2_00A8A300 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
0_2_00AC64B8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_00AAE40C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
0_2_00A9B410 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_00AAC470 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
0_2_00AC1440 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00A9D457 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] |
0_2_00A88590 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh |
0_2_00AC7520 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00A96536 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00AA9510 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_00AAE66A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
0_2_00ABB650 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_00AAD7AF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
0_2_00AC67EF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00AC5700 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
0_2_00AC7710 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], dx |
0_2_00AA28E9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
0_2_00A849A0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h |
0_2_00AC3920 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h |
0_2_00A9D961 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_00A91ACD |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_00A91A3C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
0_2_00AC4A40 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
0_2_00A85A50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_00AB0B80 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
0_2_00A91BEE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00A93BE2 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] |
0_2_00A9DB6F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h |
0_2_00A9DB6F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
0_2_00AC9B60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_00AAAC91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [edx], ax |
0_2_00AAAC91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00AC9CE0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh |
0_2_00AC9CE0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h |
0_2_00AACCD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00AACCD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h |
0_2_00AACCD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh |
0_2_00ABFC20 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
0_2_00AA7C00 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h |
0_2_00AAEC48 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00AC8D8A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_00AADD29 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh |
0_2_00AAFD10 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
0_2_00A86EA0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
0_2_00A96EBF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ecx, word ptr [ebp+00h] |
0_2_00A8BEB0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
0_2_00A91E93 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov edi, ecx |
0_2_00A94E2A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00AA7E60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00AA5E70 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ebx, word ptr [ecx] |
0_2_00AAAE57 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
0_2_00A96F91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h |
0_2_00AC7FC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00AC7FC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [edx], 0000h |
0_2_00A9FFDF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp ecx |
0_2_00A88FD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp ecx |
0_2_00AC5FD6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_00AA9F62 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00ABFF70 |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v= |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC& |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw& |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l= |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu& |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67& |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1 |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0& |
Source: file.exe, 00000000.00000002.1525251503.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F78000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://eaglepawnoy.store/api |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000002.1525251503.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/N |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000002.1525137816.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525251503.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000002.1525325793.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1506075617.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2 |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F78000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AE3E00 second address: AE3E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BC5C second address: C6BC62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BC62 second address: C6BC6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4CA50AB436h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BC6D second address: C6BC80 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4CA5099CAEh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BC80 second address: C6BC86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BC86 second address: C6BC8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BF13 second address: C6BF1D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BF1D second address: C6BF2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CADh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6BF2E second address: C6BF52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB444h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jc 00007F4CA50AB436h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E0F0 second address: C6E111 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnc 00007F4CA5099CAAh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jnl 00007F4CA5099CA8h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E111 second address: C6E123 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 ja 00007F4CA50AB436h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E123 second address: AE3E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 je 00007F4CA5099CACh 0x0000000b jnc 00007F4CA5099CA6h 0x00000011 popad 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push esi 0x00000017 jmp 00007F4CA5099CB4h 0x0000001c pop esi 0x0000001d pop eax 0x0000001e push dword ptr [ebp+122D068Dh] 0x00000024 mov dword ptr [ebp+122D1D38h], eax 0x0000002a mov edx, dword ptr [ebp+122D3AEEh] 0x00000030 call dword ptr [ebp+122D399Dh] 0x00000036 pushad 0x00000037 jmp 00007F4CA5099CAEh 0x0000003c xor eax, eax 0x0000003e add dword ptr [ebp+122D1E6Bh], edx 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 clc 0x00000049 mov dword ptr [ebp+122D3BCEh], eax 0x0000004f sub dword ptr [ebp+122D1E6Bh], esi 0x00000055 mov esi, 0000003Ch 0x0000005a cmc 0x0000005b add esi, dword ptr [esp+24h] 0x0000005f jnp 00007F4CA5099CB2h 0x00000065 jl 00007F4CA5099CACh 0x0000006b jnl 00007F4CA5099CA6h 0x00000071 lodsw 0x00000073 jmp 00007F4CA5099CACh 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c jnc 00007F4CA5099CBCh 0x00000082 mov ebx, dword ptr [esp+24h] 0x00000086 mov dword ptr [ebp+122D1E4Ch], eax 0x0000008c nop 0x0000008d jmp 00007F4CA5099CADh 0x00000092 push eax 0x00000093 pushad 0x00000094 push ecx 0x00000095 push eax 0x00000096 push edx 0x00000097 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E1B8 second address: C6E1BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E1BD second address: C6E1E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F4CA5099CBCh 0x00000012 jmp 00007F4CA5099CB6h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E1E5 second address: C6E1EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E1EB second address: C6E1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E1EF second address: C6E1F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E1F3 second address: C6E232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jno 00007F4CA5099CB0h 0x00000012 mov eax, dword ptr [eax] 0x00000014 jp 00007F4CA5099CB4h 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e pushad 0x0000001f push edi 0x00000020 push eax 0x00000021 pop eax 0x00000022 pop edi 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E232 second address: C6E236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E326 second address: C6E33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4CA5099CADh 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E33A second address: C6E33E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E3AF second address: C6E3EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4CA5099CACh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F4CA5099CB4h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F4CA5099CAAh 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E593 second address: C6E598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E598 second address: C6E5C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007F4CA5099CB2h 0x00000010 jbe 00007F4CA5099CACh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E690 second address: C6E6E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 21501E0Dh 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F4CA50AB438h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 jmp 00007F4CA50AB443h 0x0000002d lea ebx, dword ptr [ebp+1245DFF3h] 0x00000033 mov cx, bx 0x00000036 xchg eax, ebx 0x00000037 push eax 0x00000038 push edx 0x00000039 push ebx 0x0000003a je 00007F4CA50AB436h 0x00000040 pop ebx 0x00000041 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E6E7 second address: C6E6F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4CA5099CA6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6E6F1 second address: C6E6F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8CA21 second address: C8CA3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CAAh 0x00000007 jmp 00007F4CA5099CACh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8CB93 second address: C8CB99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8CB99 second address: C8CB9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8D034 second address: C8D038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8D038 second address: C8D05F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4CA5099CB8h 0x0000000b push edi 0x0000000c jnp 00007F4CA5099CA6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8D31F second address: C8D33B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB442h 0x00000009 js 00007F4CA50AB436h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8D4DE second address: C8D4F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8D4F9 second address: C8D4FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8D667 second address: C8D686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F4CA5099CB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8DC3E second address: C8DC53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB441h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8DD9D second address: C8DDA9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jbe 00007F4CA5099CA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8DDA9 second address: C8DDCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB446h 0x00000008 jc 00007F4CA50AB436h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C8E7BB second address: C8E7C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C4ECCB second address: C4ECE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4CA50AB445h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C97E19 second address: C97E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C5F95B second address: C5F976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA50AB440h 0x00000009 popad 0x0000000a pop edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C5F976 second address: C5F980 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C5F980 second address: C5F986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C5F986 second address: C5F98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C5F98A second address: C5F990 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9BEEF second address: C9BEF9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4CA5099CA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9C2D0 second address: C9C2D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9C2D4 second address: C9C2DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9C580 second address: C9C598 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB444h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9C6EE second address: C9C6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9C6F2 second address: C9C710 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB448h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9D206 second address: C9D20A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9DCB7 second address: C9DCC4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9E002 second address: C9E006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9E143 second address: C9E14F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C66487 second address: C6649C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F4CA5099CA6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007F4CA5099CA6h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C6649C second address: C664A6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4CA50AB436h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C664A6 second address: C664B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C664B2 second address: C664D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4CA50AB447h 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C664D5 second address: C664D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9FCC6 second address: C9FCD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4CA50AB436h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C9FCD0 second address: C9FD43 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4CA5099CB1h 0x0000000e nop 0x0000000f mov si, C5CCh 0x00000013 mov dword ptr [ebp+122D1C7Bh], edx 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+122D3928h], ecx 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push edx 0x00000026 call 00007F4CA5099CA8h 0x0000002b pop edx 0x0000002c mov dword ptr [esp+04h], edx 0x00000030 add dword ptr [esp+04h], 00000014h 0x00000038 inc edx 0x00000039 push edx 0x0000003a ret 0x0000003b pop edx 0x0000003c ret 0x0000003d pushad 0x0000003e sub dword ptr [ebp+12458D70h], ebx 0x00000044 push edi 0x00000045 or dword ptr [ebp+122DB7B8h], ebx 0x0000004b pop esi 0x0000004c popad 0x0000004d xchg eax, ebx 0x0000004e ja 00007F4CA5099CB2h 0x00000054 push eax 0x00000055 push ecx 0x00000056 push ecx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA0F3E second address: CA0F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA2060 second address: CA2074 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA2074 second address: CA207A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA3A2B second address: CA3A36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4CA5099CA6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA3A36 second address: CA3A77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d cld 0x0000000e push 00000000h 0x00000010 mov esi, dword ptr [ebp+122D1D16h] 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F4CA50AB438h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 movsx edi, bx 0x00000035 push eax 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 jns 00007F4CA50AB436h 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA3A77 second address: CA3A89 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F4CA5099CA6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA4430 second address: CA4436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA41D0 second address: CA41D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAB396 second address: CAB39A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAB39A second address: CAB3B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F4CA5099CACh 0x0000000c je 00007F4CA5099CA6h 0x00000012 popad 0x00000013 push eax 0x00000014 jno 00007F4CA5099CB0h 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAD370 second address: CAD383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jng 00007F4CA50AB436h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAD5D7 second address: CAD5DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAE63B second address: CAE63F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB0525 second address: CB0549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F4CA5099CB7h 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAF57D second address: CAF58D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAF58D second address: CAF5A7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA5099CA8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push edi 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F4CA5099CA6h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAF5A7 second address: CAF5AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB1485 second address: CB1489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB1489 second address: CB1493 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAF66F second address: CAF673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CAF673 second address: CAF685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jbe 00007F4CA50AB44Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB24C3 second address: CB24DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CB5h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB15DA second address: CB16AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov ebx, dword ptr [ebp+122D1C6Ah] 0x0000000d add di, FE3Dh 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov di, B8F0h 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F4CA50AB438h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov bh, D9h 0x00000040 mov dword ptr [ebp+122D1DFEh], ebx 0x00000046 mov eax, dword ptr [ebp+122D105Dh] 0x0000004c xor dword ptr [ebp+122D1FF4h], ebx 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push esi 0x00000057 call 00007F4CA50AB438h 0x0000005c pop esi 0x0000005d mov dword ptr [esp+04h], esi 0x00000061 add dword ptr [esp+04h], 0000001Ch 0x00000069 inc esi 0x0000006a push esi 0x0000006b ret 0x0000006c pop esi 0x0000006d ret 0x0000006e jl 00007F4CA50AB44Fh 0x00000074 pushad 0x00000075 jmp 00007F4CA50AB444h 0x0000007a xor bl, FFFFFFDAh 0x0000007d popad 0x0000007e nop 0x0000007f jmp 00007F4CA50AB448h 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 jmp 00007F4CA50AB448h 0x0000008c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB06DE second address: CB06E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB26A3 second address: CB26AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB36B8 second address: CB36BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB06E3 second address: CB0724 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB448h 0x00000008 jmp 00007F4CA50AB43Ah 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 jmp 00007F4CA50AB444h 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB26AE second address: CB26B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB36BD second address: CB36FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F4CA50AB444h 0x00000011 jmp 00007F4CA50AB43Eh 0x00000016 nop 0x00000017 sub dword ptr [ebp+12480887h], ebx 0x0000001d push 00000000h 0x0000001f mov bl, 5Ah 0x00000021 push 00000000h 0x00000023 mov dword ptr [ebp+122D1DFEh], esi 0x00000029 xor dword ptr [ebp+122D204Eh], edx 0x0000002f push eax 0x00000030 push eax 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB0724 second address: CB078F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 nop 0x00000007 mov bh, ch 0x00000009 push dword ptr fs:[00000000h] 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F4CA5099CA8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a xor bx, D79Bh 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 mov dword ptr [ebp+122D37D2h], esi 0x0000003c mov eax, dword ptr [ebp+122D15F9h] 0x00000042 mov dword ptr [ebp+122D301Bh], ebx 0x00000048 push FFFFFFFFh 0x0000004a or dword ptr [ebp+122D2664h], esi 0x00000050 add ebx, dword ptr [ebp+122D1FCDh] 0x00000056 nop 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F4CA5099CABh 0x0000005e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB26B2 second address: CB2736 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnl 00007F4CA50AB43Ch 0x0000000e nop 0x0000000f cld 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F4CA50AB438h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F4CA50AB438h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 movsx edi, cx 0x00000055 mov eax, dword ptr [ebp+122D149Dh] 0x0000005b push FFFFFFFFh 0x0000005d mov dword ptr [ebp+122D391Eh], ebx 0x00000063 mov ebx, 4CA6CE00h 0x00000068 nop 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d jns 00007F4CA50AB436h 0x00000073 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB36FA second address: CB3700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB2736 second address: CB273C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB38AA second address: CB38AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB38AE second address: CB38B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB56C7 second address: CB56CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB56CD second address: CB56D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB48C8 second address: CB48D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4CA5099CA6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB6688 second address: CB668E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB668E second address: CB6705 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CAFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, dword ptr [ebp+122D3B5Ah] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007F4CA5099CA8h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e sbb bh, FFFFFFE6h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007F4CA5099CA8h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000017h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 jmp 00007F4CA5099CACh 0x00000056 pushad 0x00000057 popad 0x00000058 popad 0x00000059 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB6705 second address: CB670B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB6937 second address: CB6941 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB6941 second address: CB6945 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB7A6A second address: CB7A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB7A75 second address: CB7A99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F4CA50AB447h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CB7A99 second address: CB7A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CC0A1A second address: CC0A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CC0207 second address: CC0218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CADh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CC0218 second address: CC021C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CC021C second address: CC0222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCBBBD second address: CCBBE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB449h 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jnl 00007F4CA50AB436h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCB3B9 second address: CCB3BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCB54C second address: CCB563 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4CA50AB436h 0x00000008 jo 00007F4CA50AB436h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCD180 second address: CCD184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCD184 second address: CCD19E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F4CA50AB442h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCD19E second address: CCD1A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCD1A4 second address: CCD1A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CCD1A8 second address: CCD1AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD17AC second address: CD17B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD06CB second address: CD06DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F4CA5099CA6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD06DB second address: CD06DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA67BE second address: CA67E8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA5099CACh 0x00000008 jl 00007F4CA5099CA6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4CA5099CB6h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA67E8 second address: CA6825 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F4CA50AB438h 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push edi 0x00000016 push esi 0x00000017 jmp 00007F4CA50AB444h 0x0000001c pop esi 0x0000001d pop edi 0x0000001e mov eax, dword ptr [eax] 0x00000020 pushad 0x00000021 jne 00007F4CA50AB438h 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6825 second address: CA682B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA682B second address: CA6849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F4CA50AB440h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6849 second address: CA6851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA695D second address: CA6977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4CA50AB43Ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6977 second address: CA698A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CAEh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6A2B second address: CA6A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6A2F second address: CA6A39 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6A39 second address: CA6A6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c jmp 00007F4CA50AB444h 0x00000011 push eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6A6B second address: CA6A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6B6E second address: CA6B77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6B77 second address: CA6B84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6B84 second address: CA6B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA6B8B second address: CA6B95 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4CA5099CACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C86681 second address: C8668A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD0C81 second address: CD0C8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4CA5099CA6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD0DFA second address: CD0DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD0DFE second address: CD0E04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD106E second address: CD1074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD1074 second address: CD1098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push edi 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F4CA5099CA6h 0x00000015 jmp 00007F4CA5099CAFh 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD1098 second address: CD10CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB444h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jne 00007F4CA50AB43Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007F4CA50AB436h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD10CA second address: CD10EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jno 00007F4CA5099CA6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD4B58 second address: CD4B7B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4CA50AB447h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD4B7B second address: CD4B85 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4CA5099CA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDA258 second address: CDA25E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDA25E second address: CDA266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDA266 second address: CDA273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD8F7E second address: CD8F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jno 00007F4CA5099CA6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9101 second address: CD9105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9105 second address: CD9135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4CA5099CB5h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9290 second address: CD929C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4CA50AB436h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD929C second address: CD92A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD92A3 second address: CD92A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD954A second address: CD954F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD954F second address: CD955A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD955A second address: CD955E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD955E second address: CD9570 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F4CA50AB436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9570 second address: CD957D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnp 00007F4CA5099CACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9959 second address: CD9963 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9ABD second address: CD9ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 js 00007F4CA5099CBEh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9ACF second address: CD9AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9AD3 second address: CD9AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9F10 second address: CD9F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CD9F15 second address: CD9F54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F4CA5099CACh 0x0000000f jmp 00007F4CA5099CB7h 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007F4CA5099CA6h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDF3E0 second address: CDF3FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Fh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F4CA50AB436h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDF3FD second address: CDF403 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDF403 second address: CDF409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDF409 second address: CDF40D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDF40D second address: CDF411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CDF411 second address: CDF431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F4CA5099CB6h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE4414 second address: CE441A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE45B0 second address: CE45B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE45B6 second address: CE45BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE471A second address: CE471E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE499F second address: CE49C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 js 00007F4CA50AB436h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F4CA50AB438h 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F4CA50AB43Eh 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE49C6 second address: CE49D2 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4CA5099CA6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE4B77 second address: CE4B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CE4FCD second address: CE4FD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C62F17 second address: C62F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4CA50AB436h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F4CA50AB449h 0x00000013 je 00007F4CA50AB436h 0x00000019 jbe 00007F4CA50AB436h 0x0000001f popad 0x00000020 push edi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C62F4E second address: C62F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jmp 00007F4CA5099CB0h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C62F6A second address: C62F72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C62F72 second address: C62F78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CEADA1 second address: CEADAB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF05E0 second address: CF05E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF05E4 second address: CF05F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e js 00007F4CA50AB436h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF05F8 second address: CF05FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF05FC second address: CF060A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF060A second address: CF0611 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF3F95 second address: CF3F99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF3F99 second address: CF3F9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF3F9D second address: CF3FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F4CA50AB436h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF36C7 second address: CF36CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF36CD second address: CF36E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F4CA50AB43Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF36E0 second address: CF36EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF3819 second address: CF381D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF381D second address: CF383F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4CA5099CB6h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF383F second address: CF3849 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF3849 second address: CF384E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF9B2A second address: CF9B45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4CA50AB436h 0x00000009 jc 00007F4CA50AB436h 0x0000000f jl 00007F4CA50AB436h 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF9B45 second address: CF9B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4CA5099CA6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F4CA5099CACh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF8828 second address: CF8845 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB446h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF8CA9 second address: CF8CAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF8DEB second address: CF8DEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF8DEF second address: CF8DFB instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4CA5099CA6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CF8DFB second address: CF8E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB43Bh 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D01379 second address: D01386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4CA5099CA6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CFF5E1 second address: CFF5E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CFF5E6 second address: CFF5EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CFF5EC second address: CFF5F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CFFE49 second address: CFFE4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CFFE4E second address: CFFE58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CFFE58 second address: CFFE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F4CA5099CA8h 0x00000012 push edi 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CFFE71 second address: CFFE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4CA50AB43Fh 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D00185 second address: D001B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F4CA5099CB5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jne 00007F4CA5099CA6h 0x00000012 jl 00007F4CA5099CA6h 0x00000018 pushad 0x00000019 popad 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D001B2 second address: D001CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB443h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D001CD second address: D001E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4CA5099CAFh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D001E5 second address: D00215 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F4CA50AB449h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D00215 second address: D00219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D00551 second address: D00559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D00559 second address: D00564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D00564 second address: D0056A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D00814 second address: D00818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D00818 second address: D0081E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D0081E second address: D0082A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jg 00007F4CA5099CA6h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D0082A second address: D00845 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB447h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D010D6 second address: D010DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D0AF36 second address: D0AF4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4CA50AB440h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D0AF4E second address: D0AF55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D0B104 second address: D0B109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D14871 second address: D1487D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D12B11 second address: D12B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D130B6 second address: D130BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D1324D second address: D13264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jns 00007F4CA50AB436h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007F4CA50AB436h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D13397 second address: D1339B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D1339B second address: D133B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jl 00007F4CA50AB436h 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D133B5 second address: D133C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CACh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D133C7 second address: D133CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D133CC second address: D133D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4CA5099CA6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D1352A second address: D1354A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Fh 0x00000007 jg 00007F4CA50AB436h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 push ecx 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D136A9 second address: D136B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D1404C second address: D14051 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D1B233 second address: D1B24A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D1ADBD second address: D1ADC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D29195 second address: D291CC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4CA5099CCFh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D2BC0A second address: D2BC15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F4CA50AB436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D32D04 second address: D32D12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D32D12 second address: D32D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D32D16 second address: D32D1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C5DE01 second address: C5DE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop edi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C5DE0A second address: C5DE1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F4CA5099CA6h 0x0000000a jo 00007F4CA5099CA6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D3B9E9 second address: D3BA14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Bh 0x00000007 jmp 00007F4CA50AB445h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D3BA14 second address: D3BA48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 jmp 00007F4CA5099CB6h 0x0000000c jmp 00007F4CA5099CB1h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D3EEE1 second address: D3EEE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D3EEE5 second address: D3EF03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F4CA5099CB3h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D468FE second address: D46902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D46902 second address: D4690C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D4690C second address: D46928 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F4CA50AB443h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: C53C33 second address: C53C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CB4h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D45AC8 second address: D45AD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D45AD3 second address: D45AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D4A7CD second address: D4A805 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB440h 0x00000008 jmp 00007F4CA50AB43Ah 0x0000000d jmp 00007F4CA50AB442h 0x00000012 popad 0x00000013 jg 00007F4CA50AB442h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D4A805 second address: D4A80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D59097 second address: D5909D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D5909D second address: D590A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D590A3 second address: D590B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 jp 00007F4CA50AB436h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop ebx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D590B4 second address: D590D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CB8h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D590D2 second address: D590E1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007F4CA50AB436h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D58F21 second address: D58F2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F4CA5099CA6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D5B0A6 second address: D5B0BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F4CA50AB43Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D5D365 second address: D5D369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D5D369 second address: D5D37E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F4CA50AB43Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D5D37E second address: D5D389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4CA5099CA6h 0x0000000a pop edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D6B44C second address: D6B452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D6B452 second address: D6B456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D6B456 second address: D6B45A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D6D7AE second address: D6D7B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D6D7B7 second address: D6D7CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 je 00007F4CA50AB436h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F4CA50AB436h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D6F328 second address: D6F33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop edx 0x0000000e push ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D6F33A second address: D6F342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D871AB second address: D871AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D871AF second address: D871CC instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA50AB436h 0x00000008 jmp 00007F4CA50AB443h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D871CC second address: D871D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D871D2 second address: D871D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D877BA second address: D877D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007F4CA5099CB8h 0x0000000b jmp 00007F4CA5099CACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D87BD1 second address: D87BF8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA50AB44Dh 0x00000008 jl 00007F4CA50AB442h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D87BF8 second address: D87BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D87D4F second address: D87D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D87D53 second address: D87D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D87D59 second address: D87D7B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA50AB44Dh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C2CF second address: D8C2D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C2D3 second address: D8C314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F4CA50AB438h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push 00000004h 0x00000026 movsx edx, di 0x00000029 call 00007F4CA50AB439h 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C314 second address: D8C32B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4CA5099CAFh 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C32B second address: D8C349 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b je 00007F4CA50AB440h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C349 second address: D8C39C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jp 00007F4CA5099CB3h 0x00000010 jmp 00007F4CA5099CADh 0x00000015 mov eax, dword ptr [eax] 0x00000017 jns 00007F4CA5099CB4h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 pushad 0x00000022 jmp 00007F4CA5099CB6h 0x00000027 pushad 0x00000028 push eax 0x00000029 pop eax 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C64D second address: D8C68E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F4CA50AB438h 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F4CA50AB449h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F4CA50AB442h 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C68E second address: D8C6CE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007F4CA5099CB2h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 pushad 0x00000017 push ecx 0x00000018 jmp 00007F4CA5099CB6h 0x0000001d pop ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8C6CE second address: D8C6D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8E07E second address: D8E099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CB3h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8DBFC second address: D8DC18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F4CA50AB444h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: D8FAA5 second address: D8FAAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4CD0B51 second address: 4CD0B98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB441h 0x00000008 push eax 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ecx, dword ptr [eax+00000FDCh] 0x00000013 pushad 0x00000014 call 00007F4CA50AB448h 0x00000019 movzx ecx, di 0x0000001c pop edx 0x0000001d push ecx 0x0000001e mov esi, edx 0x00000020 pop edi 0x00000021 popad 0x00000022 test ecx, ecx 0x00000024 pushad 0x00000025 push esi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4CD0B98 second address: 4CD0BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 movzx esi, di 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4CD0BA2 second address: 4CD0C00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB445h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a jns 00007F4CA50AB456h 0x00000010 jmp 00007F4CA50AB43Eh 0x00000015 add eax, ecx 0x00000017 jmp 00007F4CA50AB440h 0x0000001c mov eax, dword ptr [eax+00000860h] 0x00000022 jmp 00007F4CA50AB440h 0x00000027 test eax, eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4CD0C00 second address: 4CD0C04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4CD0C04 second address: 4CD0C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4CD0C0A second address: 4CD0C5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, eax 0x00000005 mov cl, E0h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F4D16FCFDF1h 0x00000010 pushad 0x00000011 mov cx, di 0x00000014 pushfd 0x00000015 jmp 00007F4CA5099CABh 0x0000001a jmp 00007F4CA5099CB3h 0x0000001f popfd 0x00000020 popad 0x00000021 test byte ptr [eax+04h], 00000005h 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F4CA5099CB5h 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4CD0C5A second address: 4CD0C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA138D second address: CA1391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: CA1595 second address: CA15A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB440h 0x00000009 rdtsc |