Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fF |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.& |
Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sK |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=9yzMGndrVfY4&l=e |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://eaglepawnoy.store:443/apij |
Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://licendfilteo.site:443/api |
Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.1812736354.0000000000FB5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812874348.0000000000FB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sensatinwu.buzz/ |
Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sensatinwu.buzz/api |
Source: file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sensatinwu.buzz/api(Q |
Source: file.exe, 00000000.00000003.1812736354.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813197895.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816020866.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sensatinwu.buzz/pi |
Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sensatinwu.buzz:443/apibcryptPrimitives.dll( |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://spirittunek.store:443/api |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/Z |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.1812874348.0000000000F95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.0000000001026000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812846129.000000000103E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1813045734.0000000000F98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1812861155.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812686642.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1816814540.000000000102E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1813045734.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1815851267.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://studennotediw.store:443/apiI |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1812650614.0000000001032000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.1813045734.0000000001016000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812736354.0000000001016000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 36E423 second address: 36E42F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F2FF4BC0FB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 36E6DF second address: 36E6E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 36E6E5 second address: 36E70D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F2FF4BC0FC3h 0x00000008 jbe 00007F2FF4BC0FB6h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jo 00007F2FF4BC0FCBh 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 371FDF second address: 371FE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 371FE6 second address: 372049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov si, 29CEh 0x0000000c push 00000000h 0x0000000e sub dword ptr [ebp+122D2EC4h], edi 0x00000014 push eax 0x00000015 mov edi, dword ptr [ebp+122D1AD4h] 0x0000001b pop edi 0x0000001c call 00007F2FF4BC0FB9h 0x00000021 jne 00007F2FF4BC0FCDh 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jp 00007F2FF4BC0FCEh 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372049 second address: 372095 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2FF4F875F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F2FF4F875FFh 0x00000013 mov eax, dword ptr [eax] 0x00000015 jmp 00007F2FF4F87609h 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F2FF4F875FCh 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372095 second address: 37214E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2FF4BC0FBAh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop eax 0x0000000e jbe 00007F2FF4BC0FBCh 0x00000014 mov dword ptr [ebp+122D1C09h], ebx 0x0000001a push 00000003h 0x0000001c pushad 0x0000001d mov eax, ecx 0x0000001f jne 00007F2FF4BC0FC4h 0x00000025 popad 0x00000026 push 00000000h 0x00000028 mov edx, 677C65A1h 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+122D2EC4h], edi 0x00000035 xor edx, 1A1C6ED0h 0x0000003b push 78B8D70Eh 0x00000040 jmp 00007F2FF4BC0FC1h 0x00000045 add dword ptr [esp], 474728F2h 0x0000004c mov di, 6EE6h 0x00000050 lea ebx, dword ptr [ebp+12441E4Bh] 0x00000056 push 00000000h 0x00000058 push edx 0x00000059 call 00007F2FF4BC0FB8h 0x0000005e pop edx 0x0000005f mov dword ptr [esp+04h], edx 0x00000063 add dword ptr [esp+04h], 0000001Bh 0x0000006b inc edx 0x0000006c push edx 0x0000006d ret 0x0000006e pop edx 0x0000006f ret 0x00000070 push edi 0x00000071 mov edi, dword ptr [ebp+122D3754h] 0x00000077 pop esi 0x00000078 xchg eax, ebx 0x00000079 pushad 0x0000007a push edi 0x0000007b jmp 00007F2FF4BC0FC1h 0x00000080 pop edi 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 37214E second address: 372152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372152 second address: 372156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372156 second address: 372170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007F2FF4F875FAh 0x00000011 popad 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3721A1 second address: 3721A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372296 second address: 3722A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3723F3 second address: 372440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F2FF4BC0FC3h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 pushad 0x00000016 jmp 00007F2FF4BC0FC6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372440 second address: 372470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2FF4F875FFh 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2FF4F87606h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372470 second address: 37249B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F2FF4BC0FB8h 0x0000000f popad 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 37249B second address: 3724B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F2FF4F875F6h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3724B6 second address: 372510 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop eax 0x0000000b cld 0x0000000c lea ebx, dword ptr [ebp+12441E5Fh] 0x00000012 jmp 00007F2FF4BC0FBDh 0x00000017 mov edx, dword ptr [ebp+122D397Ch] 0x0000001d xchg eax, ebx 0x0000001e jmp 00007F2FF4BC0FBCh 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 jmp 00007F2FF4BC0FC5h 0x0000002c jnp 00007F2FF4BC0FB6h 0x00000032 popad 0x00000033 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372510 second address: 372516 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 372516 second address: 37251A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3918DB second address: 3918F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F2FF4F875F6h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2FF4F875FEh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3918F8 second address: 39190A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39190A second address: 391910 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 391910 second address: 391914 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 391914 second address: 39191A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39191A second address: 391924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 391924 second address: 39192A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39192A second address: 39192E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39192E second address: 391932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 391932 second address: 391938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 35E437 second address: 35E448 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 38FFC2 second address: 38FFE0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2FF4BC0FB6h 0x00000008 jmp 00007F2FF4BC0FC4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 38FFE0 second address: 38FFEA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2FF4F875FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39016B second address: 39017A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jns 00007F2FF4BC0FBAh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39045D second address: 390496 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2FF4F875FBh 0x00000012 pushad 0x00000013 push edx 0x00000014 pop edx 0x00000015 jmp 00007F2FF4F87607h 0x0000001a jng 00007F2FF4F875F6h 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3905ED second address: 3905F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3905F1 second address: 39060E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F2FF4F875F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39060E second address: 390612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 390612 second address: 390632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2FF4F87608h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 366A0B second address: 366A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 366A11 second address: 366A15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 366A15 second address: 366A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 366A1B second address: 366A25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2FF4F875F6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 366A25 second address: 366A29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3912B0 second address: 3912B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3912B4 second address: 3912F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F2FF4BC0FD1h 0x0000000f push ebx 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop ebx 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 391480 second address: 391484 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 391484 second address: 391493 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39645A second address: 396479 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007F2FF4F87609h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3965B9 second address: 3965C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3965C6 second address: 3965D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FCh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 394EA8 second address: 394EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 396730 second address: 396736 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 359358 second address: 35935D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39C991 second address: 39C997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39C997 second address: 39C99B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39C99B second address: 39C9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39C9A7 second address: 39C9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CB13 second address: 39CB47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87608h 0x00000007 jmp 00007F2FF4F87608h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CCC3 second address: 39CCC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CCC7 second address: 39CCD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CCD1 second address: 39CCD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CCD5 second address: 39CCD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CCD9 second address: 39CD04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F2FF4BC0FB8h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F2FF4BC0FC5h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CD04 second address: 39CD12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F2FF4F875FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CD12 second address: 39CD1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39CD1B second address: 39CD23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A1320 second address: 3A1326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A1519 second address: 3A1527 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F2FF4F875F6h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A17C8 second address: 3A17E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A18B0 second address: 3A18C2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A18C2 second address: 3A18D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A1982 second address: 3A1999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2FF4F87600h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A1F99 second address: 3A1FA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F2FF4BC0FB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A226A second address: 3A226E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A2312 second address: 3A2335 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A2335 second address: 3A233A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A25B6 second address: 3A25C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2FF4BC0FB6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A25C1 second address: 3A25C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A355B second address: 3A3593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov dword ptr [esp], eax 0x00000008 push edx 0x00000009 movzx esi, ax 0x0000000c pop edi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F2FF4BC0FB8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b movsx edi, cx 0x0000002e xchg eax, ebx 0x0000002f push ecx 0x00000030 push ebx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A3593 second address: 3A35B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2FF4F87607h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A35B3 second address: 3A35BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F2FF4BC0FB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 361AA0 second address: 361AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A6099 second address: 3A60A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2FF4BC0FB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 361AA4 second address: 361AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A97E6 second address: 3A984A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 jmp 00007F2FF4BC0FC2h 0x0000000d pop edi 0x0000000e nop 0x0000000f mov dword ptr [ebp+1247786Ah], ecx 0x00000015 push 00000000h 0x00000017 mov si, 0D70h 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007F2FF4BC0FB8h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 clc 0x00000038 xchg eax, ebx 0x00000039 jmp 00007F2FF4BC0FBFh 0x0000003e push eax 0x0000003f jp 00007F2FF4BC0FC8h 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A95A7 second address: 3A95C9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F2FF4F87605h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A984A second address: 3A984E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AC070 second address: 3AC077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AC077 second address: 3AC07C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AC07C second address: 3AC082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AF64D second address: 3AF651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AE6E9 second address: 3AE6ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AF84B second address: 3AF855 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2FF4BC0FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AE6ED second address: 3AE6F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AF855 second address: 3AF871 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2FF4BC0FC7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AF871 second address: 3AF87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B1834 second address: 3B1841 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3AF87F second address: 3AF885 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B1841 second address: 3B189A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F2FF4BC0FC7h 0x0000000c popad 0x0000000d nop 0x0000000e add dword ptr [ebp+122DB3C0h], esi 0x00000014 push 00000000h 0x00000016 sub dword ptr [ebp+122D2B2Eh], edx 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007F2FF4BC0FB8h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000015h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 clc 0x00000039 xchg eax, esi 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jnp 00007F2FF4BC0FB6h 0x00000044 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B189A second address: 3B18A0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B1A7B second address: 3B1A85 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4BC0FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B39BF second address: 3B39C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B39C4 second address: 3B3A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F2FF4BC0FB8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov bx, 2C00h 0x00000028 push dword ptr fs:[00000000h] 0x0000002f mov bl, cl 0x00000031 mov bh, 7Fh 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a mov ebx, ecx 0x0000003c mov eax, dword ptr [ebp+122D14A1h] 0x00000042 adc edi, 24B9348Eh 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push ecx 0x0000004d call 00007F2FF4BC0FB8h 0x00000052 pop ecx 0x00000053 mov dword ptr [esp+04h], ecx 0x00000057 add dword ptr [esp+04h], 00000018h 0x0000005f inc ecx 0x00000060 push ecx 0x00000061 ret 0x00000062 pop ecx 0x00000063 ret 0x00000064 jns 00007F2FF4BC0FB8h 0x0000006a nop 0x0000006b pushad 0x0000006c pushad 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B3A46 second address: 3B3A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F2FF4F87601h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B57AE second address: 3B57BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B698A second address: 3B69D2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b movzx edi, di 0x0000000e adc edi, 6E5B634Bh 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F2FF4F875F8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 xor edi, 3987B771h 0x00000036 push 00000000h 0x00000038 mov ebx, dword ptr [ebp+122D37A4h] 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B69D2 second address: 3B69D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B69D6 second address: 3B69E0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B59C3 second address: 3B59C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B59C9 second address: 3B59D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2FF4F875F6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B78CE second address: 3B78D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F2FF4BC0FB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B8A09 second address: 3B8A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B8AED second address: 3B8AF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B8C16 second address: 3B8C1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B8C1C second address: 3B8C34 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4BC0FB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jp 00007F2FF4BC0FB6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B8C34 second address: 3B8C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B8C39 second address: 3B8C40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B9D52 second address: 3B9D58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3B9D58 second address: 3B9D5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BBC81 second address: 3BBC97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2FF4F875F6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jp 00007F2FF4F875FCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BBC97 second address: 3BBC9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BAC9D second address: 3BAD09 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2FF4F875FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov di, 5B73h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 or edi, dword ptr [ebp+12461F6Dh] 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 mov ebx, dword ptr [ebp+122D2B24h] 0x0000002b mov eax, dword ptr [ebp+122D06D9h] 0x00000031 movzx edi, di 0x00000034 push FFFFFFFFh 0x00000036 call 00007F2FF4F875FDh 0x0000003b call 00007F2FF4F875FEh 0x00000040 mov edi, dword ptr [ebp+122D2D57h] 0x00000046 pop ebx 0x00000047 pop edi 0x00000048 nop 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F2FF4F875FAh 0x00000050 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BAD09 second address: 3BAD30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2FF4BC0FBBh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BCC50 second address: 3BCC6A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F2FF4F875FCh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BCC6A second address: 3BCC7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FBFh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BBDEF second address: 3BBDF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BBDF4 second address: 3BBE9F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F2FF4BC0FC7h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F2FF4BC0FB8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov ebx, esi 0x0000002a push dword ptr fs:[00000000h] 0x00000031 or dword ptr [ebp+122D2A79h], edx 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e push 00000000h 0x00000040 push ebx 0x00000041 call 00007F2FF4BC0FB8h 0x00000046 pop ebx 0x00000047 mov dword ptr [esp+04h], ebx 0x0000004b add dword ptr [esp+04h], 00000019h 0x00000053 inc ebx 0x00000054 push ebx 0x00000055 ret 0x00000056 pop ebx 0x00000057 ret 0x00000058 or dword ptr [ebp+122D2A79h], edi 0x0000005e mov eax, dword ptr [ebp+122D0161h] 0x00000064 mov bx, di 0x00000067 push FFFFFFFFh 0x00000069 jl 00007F2FF4BC0FCDh 0x0000006f jmp 00007F2FF4BC0FC7h 0x00000074 push eax 0x00000075 push ecx 0x00000076 pushad 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BCE0E second address: 3BCE14 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BDD69 second address: 3BDD6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BDD6D second address: 3BDD73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3BDD73 second address: 3BDD78 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3C4505 second address: 3C452F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4F875F6h 0x00000008 jmp 00007F2FF4F875FAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F2FF4F87606h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3C7123 second address: 3C713E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jg 00007F2FF4BC0FC0h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3C713E second address: 3C7143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3C7143 second address: 3C715A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F2FF4BC0FC0h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3CA0CB second address: 3CA0DE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2FF4F875F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D2412 second address: 3D246C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2FF4BC0FB6h 0x0000000a jmp 00007F2FF4BC0FC3h 0x0000000f popad 0x00000010 je 00007F2FF4BC0FC9h 0x00000016 push edx 0x00000017 pop edx 0x00000018 jmp 00007F2FF4BC0FC1h 0x0000001d push eax 0x0000001e jnc 00007F2FF4BC0FB6h 0x00000024 jne 00007F2FF4BC0FB6h 0x0000002a pop eax 0x0000002b popad 0x0000002c push edi 0x0000002d pushad 0x0000002e push edx 0x0000002f pop edx 0x00000030 jmp 00007F2FF4BC0FBCh 0x00000035 pushad 0x00000036 popad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1800 second address: 3D1810 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jl 00007F2FF4F875F6h 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1810 second address: 3D1816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1816 second address: 3D181A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1C7C second address: 3D1CAF instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2FF4BC0FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jmp 00007F2FF4BC0FBAh 0x00000010 jmp 00007F2FF4BC0FC9h 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1CAF second address: 3D1CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1E39 second address: 3D1E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1E40 second address: 3D1E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1E46 second address: 3D1E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1E4C second address: 3D1E50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1F9D second address: 3D1FA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D1FA1 second address: 3D1FB3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jp 00007F2FF4F875F6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D210B second address: 3D2111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D2299 second address: 3D229D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D229D second address: 3D22A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D6373 second address: 3D6389 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2FF4F875F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F2FF4F875F6h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D64D3 second address: 3D64E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D64E1 second address: 3D64E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D64E7 second address: 3D64ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D606A second address: 3D6072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D6E11 second address: 3D6E18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3D7486 second address: 3D749E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jnp 00007F2FF4F8761Dh 0x0000000d push ecx 0x0000000e jnp 00007F2FF4F875F6h 0x00000014 pop ecx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DE0B3 second address: 3DE0BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DE0BD second address: 3DE0C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DCE24 second address: 3DCE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F2FF4BC0FB6h 0x0000000a pop ebx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DCE2F second address: 3DCE35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DCE35 second address: 3DCE4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FBBh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DCE4F second address: 3DCE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F2FF4F875F6h 0x00000011 jns 00007F2FF4F875F6h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DCE66 second address: 3DCE72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F2FF4BC0FB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DD2A3 second address: 3DD2B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DD2B1 second address: 3DD2B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DD2B5 second address: 3DD2BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DD5AB second address: 3DD5B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2FF4BC0FB6h 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DD5B6 second address: 3DD5C0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2FF4F875FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DD9CA second address: 3DD9D7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DD9D7 second address: 3DD9F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FDh 0x00000009 js 00007F2FF4F875F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3DDF3A second address: 3DDF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2FF4BC0FB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 35FF47 second address: 35FF7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FCh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F2FF4F87609h 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 35FF7B second address: 35FF81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39FC8D second address: 39FCAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87603h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39FCAA second address: 39FCB8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F2FF4BC0FB6h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39FCB8 second address: 39FCE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87600h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b clc 0x0000000c lea eax, dword ptr [ebp+1246F995h] 0x00000012 mov dx, bx 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jng 00007F2FF4F875F6h 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 39FCE5 second address: 38771F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2FF4BC0FB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F2FF4BC0FBFh 0x00000012 call dword ptr [ebp+122D298Eh] 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A012F second address: 203A64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a nop 0x0000000b mov dl, 82h 0x0000000d push dword ptr [ebp+122D0D01h] 0x00000013 jmp 00007F2FF4F87605h 0x00000018 call dword ptr [ebp+122D2DB9h] 0x0000001e pushad 0x0000001f jng 00007F2FF4F875FCh 0x00000025 mov dword ptr [ebp+122D22C7h], ecx 0x0000002b xor eax, eax 0x0000002d jmp 00007F2FF4F87609h 0x00000032 mov edx, dword ptr [esp+28h] 0x00000036 pushad 0x00000037 call 00007F2FF4F87605h 0x0000003c jno 00007F2FF4F875F6h 0x00000042 pop eax 0x00000043 add ebx, dword ptr [ebp+122D3938h] 0x00000049 popad 0x0000004a mov dword ptr [ebp+122D3964h], eax 0x00000050 pushad 0x00000051 push edx 0x00000052 sub dword ptr [ebp+122D22C7h], edi 0x00000058 pop ebx 0x00000059 popad 0x0000005a mov esi, 0000003Ch 0x0000005f mov dword ptr [ebp+122D22C7h], ebx 0x00000065 xor dword ptr [ebp+122D22C7h], ecx 0x0000006b add esi, dword ptr [esp+24h] 0x0000006f pushad 0x00000070 sub ebx, dword ptr [ebp+122D3768h] 0x00000076 mov dword ptr [ebp+122D22C7h], esi 0x0000007c popad 0x0000007d lodsw 0x0000007f sub dword ptr [ebp+122D22C7h], edx 0x00000085 add eax, dword ptr [esp+24h] 0x00000089 mov dword ptr [ebp+122D22C7h], eax 0x0000008f cld 0x00000090 mov ebx, dword ptr [esp+24h] 0x00000094 cmc 0x00000095 push eax 0x00000096 push ecx 0x00000097 pushad 0x00000098 push eax 0x00000099 push edx 0x0000009a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A01B8 second address: 3A01BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A0255 second address: 3A0259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A0259 second address: 3A029A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 add dword ptr [esp], 63719ED7h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F2FF4BC0FB8h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 sub dword ptr [ebp+122D2DAEh], eax 0x0000002e push 17502F7Eh 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A029A second address: 3A02A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A03A8 second address: 3A03AD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A0CF9 second address: 3A0D07 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A0D07 second address: 3A0D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A0D0B second address: 3A0D0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A1036 second address: 3A104C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5702 second address: 3E5733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FFh 0x00000009 jnp 00007F2FF4F875FAh 0x0000000f pushad 0x00000010 popad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 push edx 0x00000015 jmp 00007F2FF4F875FEh 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5733 second address: 3E5739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5739 second address: 3E573D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5869 second address: 3E58A2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 je 00007F2FF4BC0FB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007F2FF4BC0FC2h 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 jg 00007F2FF4BC0FC2h 0x0000001b pushad 0x0000001c push eax 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E59FC second address: 3E5A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5A02 second address: 3E5A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2FF4BC0FC8h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5DD9 second address: 3E5DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5DE1 second address: 3E5DF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBAh 0x00000007 jnl 00007F2FF4BC0FB6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5DF9 second address: 3E5DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3E5DFD second address: 3E5E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EC525 second address: 3EC52B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EC52B second address: 3EC54E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FC9h 0x00000009 jns 00007F2FF4BC0FB6h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EC697 second address: 3EC6BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87606h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F2FF4F875F8h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EC9FD second address: 3ECA02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3ECA02 second address: 3ECA15 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2FF4F875FEh 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EEB52 second address: 3EEB56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EEB56 second address: 3EEB60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ecx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EEB60 second address: 3EEB81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F2FF4BC0FB6h 0x0000000a jmp 00007F2FF4BC0FC7h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EEB81 second address: 3EEBA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F2FF4F875F6h 0x00000011 jmp 00007F2FF4F875FCh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EEBA8 second address: 3EEBAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EED16 second address: 3EED2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4F87600h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EED2C second address: 3EED3A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EED3A second address: 3EED4E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F2FF4F875FCh 0x0000000e jno 00007F2FF4F875F6h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EED4E second address: 3EED6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FC7h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EED6B second address: 3EED77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3EED77 second address: 3EED7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F2F65 second address: 3F2F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F2F6D second address: 3F2F7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F2F7A second address: 3F2F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F320C second address: 3F3210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F3210 second address: 3F323C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2FF4F87607h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F65A0 second address: 3F65C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FC7h 0x0000000b popad 0x0000000c pushad 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F65C6 second address: 3F65D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F2FF4F875F6h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F65D4 second address: 3F65DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F5DD6 second address: 3F5E0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87602h 0x00000007 pushad 0x00000008 jmp 00007F2FF4F875FDh 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F2FF4F875F6h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F5E0A second address: 3F5E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F5E0E second address: 3F5E1C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F5E1C second address: 3F5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F5FC7 second address: 3F5FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3F5FCB second address: 3F5FF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F2FF4BC0FD2h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FB21C second address: 3FB222 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FB222 second address: 3FB233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007F2FF4BC0FB6h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FB233 second address: 3FB238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FB238 second address: 3FB23D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FB506 second address: 3FB51E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 jmp 00007F2FF4F875FDh 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FB51E second address: 3FB53A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4BC0FC8h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FB53A second address: 3FB540 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FBA5A second address: 3FBA8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007F2FF4BC0FC0h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F2FF4BC0FB6h 0x0000001a push edi 0x0000001b pop edi 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FBA8F second address: 3FBA95 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FC428 second address: 3FC439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4BC0FBBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FC439 second address: 3FC43E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3FC43E second address: 3FC443 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 35C9F5 second address: 35C9F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 402CB4 second address: 402CC4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F2FF4BC0FDFh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 402CC4 second address: 402CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 402CCA second address: 402CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 402E13 second address: 402E17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 402E17 second address: 402E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4043A1 second address: 4043A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4043A7 second address: 4043AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4043AC second address: 4043CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87608h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4043CA second address: 4043DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2FF4BC0FBDh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4046E4 second address: 4046F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FBh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4046F4 second address: 4046FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4094A9 second address: 4094AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4094AD second address: 4094B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4085CE second address: 408639 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2FF4F87609h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F2FF4F875F8h 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 pushad 0x00000015 jmp 00007F2FF4F87604h 0x0000001a jmp 00007F2FF4F87607h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F2FF4F875FFh 0x00000026 jo 00007F2FF4F875F6h 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 408D53 second address: 408D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4BC0FBFh 0x00000009 jl 00007F2FF4BC0FBAh 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 408F07 second address: 408F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87608h 0x00000009 jmp 00007F2FF4F87603h 0x0000000e popad 0x0000000f pop edx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 409073 second address: 40907C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 40907C second address: 40909F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87607h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push edi 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 417D04 second address: 417D0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41614C second address: 41616C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2FF4F87605h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41657E second address: 416583 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 416583 second address: 416592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jbe 00007F2FF4F875FEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 416D79 second address: 416D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2FF4BC0FB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 416D83 second address: 416D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41EC31 second address: 41EC4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC3h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41EC4C second address: 41EC50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41EC50 second address: 41EC6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FBDh 0x00000007 jne 00007F2FF4BC0FB6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41EC6F second address: 41EC75 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41EC75 second address: 41EC8E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F2FF4BC0FBBh 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jbe 00007F2FF4BC0FB6h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41E91C second address: 41E920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41E920 second address: 41E93C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FBEh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41E93C second address: 41E955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87604h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41E955 second address: 41E970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FC5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41E970 second address: 41E974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 43EBE5 second address: 43EBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 43EBE9 second address: 43EC1F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2FF4F875F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F2FF4F87601h 0x00000010 jmp 00007F2FF4F875FBh 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F2FF4F87607h 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 43EC1F second address: 43EC44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F2FF4BC0FC0h 0x0000000c jmp 00007F2FF4BC0FBAh 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 441388 second address: 44138C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44138C second address: 4413B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2FF4BC0FC7h 0x0000000b pop edi 0x0000000c jbe 00007F2FF4BC0FD9h 0x00000012 pushad 0x00000013 jl 00007F2FF4BC0FB6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 443B36 second address: 443B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2FF4F875F6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44BA84 second address: 44BA88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44BD5B second address: 44BD6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 jmp 00007F2FF4F875FAh 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44C3DD second address: 44C3E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F2FF4BC0FB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44C3E7 second address: 44C417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F875FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 jmp 00007F2FF4F87606h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44CDFE second address: 44CE2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC0h 0x00000007 jmp 00007F2FF4BC0FC8h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44CE2F second address: 44CE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87609h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45066E second address: 450672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45FDC6 second address: 45FDCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45FDCA second address: 45FDD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45FDD0 second address: 45FDF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 jmp 00007F2FF4F875FCh 0x0000000d jns 00007F2FF4F875FEh 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45FDF5 second address: 45FE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2FF4BC0FB6h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F2FF4BC0FB6h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45FE0A second address: 45FE0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46BEFD second address: 46BF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46BF06 second address: 46BF0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4857E7 second address: 48580E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2FF4BC0FBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2FF4BC0FC5h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48498C second address: 4849A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2FF4F875F6h 0x0000000a jmp 00007F2FF4F87601h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4849A7 second address: 4849BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 je 00007F2FF4BC0FB6h 0x0000000f jp 00007F2FF4BC0FB6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4850A0 second address: 4850A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4850A5 second address: 4850AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 485384 second address: 485389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 485389 second address: 485393 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F2FF4BC0FB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 486D88 second address: 486D99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jng 00007F2FF4F875F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48836F second address: 488377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 488377 second address: 48837C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48837C second address: 4883A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 ja 00007F2FF4BC0FCDh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4883A8 second address: 4883CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F87608h 0x00000009 jo 00007F2FF4F875F6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4883CD second address: 4883D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48ACC0 second address: 48ACC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48ACC9 second address: 48ACCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48B018 second address: 48B033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F2FF4F875FAh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48B2BA second address: 48B2FF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jne 00007F2FF4BC0FB6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jnp 00007F2FF4BC0FB9h 0x00000013 movzx edx, ax 0x00000016 push dword ptr [ebp+12440002h] 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007F2FF4BC0FB8h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 mov edx, ecx 0x00000038 push 28A2FB69h 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48B2FF second address: 48B30F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2FF4F875FBh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48CB1B second address: 48CB28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F2FF4BC0FB6h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48CB28 second address: 48CB59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F2FF4F87601h 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F2FF4F875FAh 0x00000018 jng 00007F2FF4F875FCh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48C669 second address: 48C66F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48C66F second address: 48C676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48C676 second address: 48C686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F2FF4BC0FBAh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F0001F second address: 4F0005B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov ebx, 71729D4Eh 0x00000017 call 00007F2FF4F875FFh 0x0000001c pop eax 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F0005B second address: 4F0007D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4BC0FC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F0007D second address: 4F0009A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F0009A second address: 4F000AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2FF4BC0FBCh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F000AA second address: 4F000AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F000AE second address: 4F000C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F2FF4BC0FE5h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov edx, eax 0x00000013 mov ax, 322Bh 0x00000017 popad 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F000C6 second address: 4F000F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2FF4F87601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, ecx 0x0000000b jmp 00007F2FF4F875FEh 0x00000010 mov eax, dword ptr [eax+00000860h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b mov ecx, edi 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F000F9 second address: 4F00131 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ebx, eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test eax, eax 0x0000000c jmp 00007F2FF4BC0FBAh 0x00000011 je 00007F30658B7C06h 0x00000017 jmp 00007F2FF4BC0FC0h 0x0000001c test byte ptr [eax+04h], 00000005h 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 mov edi, 677CDD8Eh 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 3A4268 second address: 3A426C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |