Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.akamai.steamstatic |
Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000002.2085908053.00000000011D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/ |
Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/_ |
Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/api |
Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/api$ |
Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/api?e |
Source: file.exe, 00000000.00000003.2085241301.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086073758.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/apih |
Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/g |
Source: file.exe, 00000000.00000002.2086073758.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085241301.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/p |
Source: file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com:443/apifiles/76561199724331900 |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.2075664185.0000000001215000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f |
Source: file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2085908053.00000000011B4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2086129088.0000000001261000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.0000000001248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.2085214502.0000000001259000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075542118.000000000124E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.2075866420.0000000001207000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2075866420.0000000001215000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 7E3A29 second address: 7E3A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 95F3EA second address: 95F3EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 95F3EE second address: 95F415 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF518700CBFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF518700CBEh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 95F415 second address: 95F419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 95F419 second address: 95F41F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9627E8 second address: 9627EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9627EC second address: 9627F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9627F2 second address: 9627F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9627F7 second address: 962827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FF518700CB6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e ja 00007FF518700CC8h 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962827 second address: 962831 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962831 second address: 962837 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962837 second address: 96286E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007FF5188675B0h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF5188675B6h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 96286E second address: 7E3A29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pop eax 0x00000008 pushad 0x00000009 mov dword ptr [ebp+122D1895h], esi 0x0000000f mov edx, eax 0x00000011 popad 0x00000012 push dword ptr [ebp+122D116Dh] 0x00000018 mov esi, dword ptr [ebp+122D2C0Ch] 0x0000001e call dword ptr [ebp+122D309Eh] 0x00000024 pushad 0x00000025 xor dword ptr [ebp+122D20BEh], eax 0x0000002b xor eax, eax 0x0000002d sub dword ptr [ebp+122D1ABEh], edx 0x00000033 mov edx, dword ptr [esp+28h] 0x00000037 pushad 0x00000038 jmp 00007FF518700CC4h 0x0000003d jmp 00007FF518700CBCh 0x00000042 popad 0x00000043 mov dword ptr [ebp+122D2A98h], eax 0x00000049 mov dword ptr [ebp+122D20BEh], edx 0x0000004f mov esi, 0000003Ch 0x00000054 sub dword ptr [ebp+122D1CB9h], eax 0x0000005a add esi, dword ptr [esp+24h] 0x0000005e pushad 0x0000005f cld 0x00000060 mov ecx, eax 0x00000062 popad 0x00000063 pushad 0x00000064 mov eax, dword ptr [ebp+122D2ACCh] 0x0000006a add dword ptr [ebp+122D1F48h], edx 0x00000070 popad 0x00000071 lodsw 0x00000073 jg 00007FF518700CC4h 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d cld 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 add dword ptr [ebp+122D34E4h], esi 0x00000088 nop 0x00000089 push eax 0x0000008a push edx 0x0000008b pushad 0x0000008c jp 00007FF518700CB6h 0x00000092 push eax 0x00000093 push edx 0x00000094 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9629C5 second address: 9629CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962AA1 second address: 962AC7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov si, DE55h 0x0000000e sub dword ptr [ebp+122D1EC3h], edx 0x00000014 push 00000000h 0x00000016 xor dword ptr [ebp+122D19A2h], eax 0x0000001c push CC1DBC56h 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962AC7 second address: 962ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962ACB second address: 962B87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF518700CC7h 0x0000000b popad 0x0000000c add dword ptr [esp], 33E2442Ah 0x00000013 movsx esi, si 0x00000016 jmp 00007FF518700CBCh 0x0000001b push 00000003h 0x0000001d push 00000000h 0x0000001f push ecx 0x00000020 call 00007FF518700CB8h 0x00000025 pop ecx 0x00000026 mov dword ptr [esp+04h], ecx 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc ecx 0x00000033 push ecx 0x00000034 ret 0x00000035 pop ecx 0x00000036 ret 0x00000037 call 00007FF518700CC6h 0x0000003c jl 00007FF518700CBCh 0x00000042 mov esi, dword ptr [ebp+122D2AD0h] 0x00000048 pop esi 0x00000049 push 00000000h 0x0000004b xor dword ptr [ebp+122D30E5h], ebx 0x00000051 push 00000003h 0x00000053 jbe 00007FF518700CBCh 0x00000059 adc edx, 6EDD9B52h 0x0000005f push BC6F6217h 0x00000064 pushad 0x00000065 pushad 0x00000066 jmp 00007FF518700CC6h 0x0000006b jne 00007FF518700CB6h 0x00000071 popad 0x00000072 push eax 0x00000073 push edx 0x00000074 jnp 00007FF518700CB6h 0x0000007a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962B87 second address: 962BD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 03909DE9h 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007FF5188675A8h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 lea ebx, dword ptr [ebp+12452713h] 0x0000002e mov edi, dword ptr [ebp+122D2B54h] 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a jnc 00007FF5188675A6h 0x00000040 popad 0x00000041 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962C1C second address: 962C20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962C20 second address: 962C26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962C26 second address: 962C60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FF518700CB6h 0x00000009 jg 00007FF518700CB6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 mov esi, 0BCB34CEh 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+122D30E5h], eax 0x00000022 call 00007FF518700CB9h 0x00000027 pushad 0x00000028 jmp 00007FF518700CBAh 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962C60 second address: 962C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962C64 second address: 962C7E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 jnl 00007FF518700CB8h 0x0000000f pop edi 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962C7E second address: 962CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jne 00007FF5188675AAh 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 jmp 00007FF5188675B2h 0x0000001b pop eax 0x0000001c jmp 00007FF5188675B9h 0x00000021 push 00000003h 0x00000023 xor dword ptr [ebp+122D30D2h], edx 0x00000029 push 00000000h 0x0000002b jmp 00007FF5188675AAh 0x00000030 push 00000003h 0x00000032 pushad 0x00000033 clc 0x00000034 mov ecx, dword ptr [ebp+122D31B9h] 0x0000003a popad 0x0000003b push 68EA667Ch 0x00000040 pushad 0x00000041 jbe 00007FF5188675A8h 0x00000047 pushad 0x00000048 popad 0x00000049 pushad 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 962CF0 second address: 962D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 add dword ptr [esp], 57159984h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FF518700CB8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 lea ebx, dword ptr [ebp+1245271Eh] 0x0000002f mov edi, dword ptr [ebp+122D19DFh] 0x00000035 xchg eax, ebx 0x00000036 jno 00007FF518700CBEh 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 jno 00007FF518700CB6h 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981620 second address: 981625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981625 second address: 98162B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9817B7 second address: 9817F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FF5188675ADh 0x0000000b popad 0x0000000c jc 00007FF5188675A8h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007FF5188675B6h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9817F2 second address: 9817FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9817FA second address: 981800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981800 second address: 981819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF518700CC1h 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981BF2 second address: 981BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981BFB second address: 981C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981C01 second address: 981C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981C05 second address: 981C09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981C09 second address: 981C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981D58 second address: 981D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007FF518700CB6h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981EA7 second address: 981EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981EB1 second address: 981EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981EB7 second address: 981EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981EBE second address: 981EC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 981EC4 second address: 981ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF5188675A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 98205B second address: 982062 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9824BB second address: 9824D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9824D5 second address: 9824F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF518700CBFh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9824F4 second address: 982531 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675B7h 0x00000008 jmp 00007FF5188675B2h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF5188675ACh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 982531 second address: 98253B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 977806 second address: 977826 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FF5188675B3h 0x0000000a jnc 00007FF5188675A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9827CF second address: 9827E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FF518700CBAh 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9827E2 second address: 9827E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 982D46 second address: 982D4B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 98302A second address: 98305A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FF5188675B2h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 jnl 00007FF5188675A6h 0x0000001a jl 00007FF5188675A6h 0x00000020 popad 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 98305A second address: 983077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CC8h 0x00000009 pop ebx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9834DD second address: 9834E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF5188675A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9834E7 second address: 983516 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007FF518700CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FF518700CBCh 0x00000012 jmp 00007FF518700CC3h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 989584 second address: 98958A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 98958A second address: 98959A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 94AD04 second address: 94AD45 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push ebx 0x00000009 jns 00007FF5188675A6h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007FF5188675BFh 0x0000001a jmp 00007FF5188675B7h 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007FF5188675AEh 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 94AD45 second address: 94AD4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 94AD4A second address: 94AD50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 94AD50 second address: 94AD5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jnl 00007FF518700CB6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 954BE1 second address: 954BEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 954BEB second address: 954BF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 954BF1 second address: 954BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990470 second address: 99047A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 98FFFE second address: 990009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990009 second address: 99000D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99000D second address: 990013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990013 second address: 990020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990020 second address: 990024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990024 second address: 990036 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990036 second address: 99004A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675B0h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99018F second address: 9901B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF518700CC7h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9901B2 second address: 9901D1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF5188675B9h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9901D1 second address: 9901D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9901D9 second address: 9901DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99032D second address: 990343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBBh 0x00000009 jg 00007FF518700CB6h 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9923A3 second address: 9923A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9923A9 second address: 9923F4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 078EA93Eh 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FF518700CB8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d xor di, 7893h 0x00000032 push F2BA20B5h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a push esi 0x0000003b pop esi 0x0000003c jnc 00007FF518700CB6h 0x00000042 popad 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9926B9 second address: 9926CB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FF5188675ACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9926CB second address: 9926CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9926CF second address: 9926D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9927B4 second address: 9927B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9927B8 second address: 9927BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 992FF3 second address: 993010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9930C5 second address: 9930CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9931E9 second address: 9931ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9931ED second address: 993203 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007FF5188675ACh 0x00000010 jne 00007FF5188675A6h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 993488 second address: 993498 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9951D4 second address: 995239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675B0h 0x00000009 popad 0x0000000a push eax 0x0000000b jo 00007FF5188675AAh 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 nop 0x00000016 push 00000000h 0x00000018 call 00007FF5188675AFh 0x0000001d jmp 00007FF5188675ABh 0x00000022 pop edi 0x00000023 push 00000000h 0x00000025 jnp 00007FF5188675A9h 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e jc 00007FF5188675B9h 0x00000034 jmp 00007FF5188675B3h 0x00000039 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 995239 second address: 99524F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF518700CC2h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 995BF3 second address: 995BFD instructions: 0x00000000 rdtsc 0x00000002 je 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 995A03 second address: 995A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop ecx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e js 00007FF518700CB6h 0x00000014 pop edi 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 995A18 second address: 995A2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675AFh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 995A2B second address: 995A2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 997F9B second address: 997FA1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 999F16 second address: 999F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99D98A second address: 99D9E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FF5188675A6h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d je 00007FF5188675B8h 0x00000013 jmp 00007FF5188675B2h 0x00000018 nop 0x00000019 push eax 0x0000001a jmp 00007FF5188675AFh 0x0000001f pop edi 0x00000020 push 00000000h 0x00000022 mov ebx, dword ptr [ebp+122D2D48h] 0x00000028 mov dword ptr [ebp+1247AE7Ch], esi 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+122D1A0Ch], ecx 0x00000036 push eax 0x00000037 js 00007FF5188675B0h 0x0000003d push eax 0x0000003e push edx 0x0000003f push edi 0x00000040 pop edi 0x00000041 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99CBF5 second address: 99CBFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99F9BC second address: 99F9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99EC33 second address: 99EC37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99F9C0 second address: 99F9C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99EC37 second address: 99EC3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A09E0 second address: 9A09E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A09E5 second address: 9A09F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A09F5 second address: 9A09FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A09FB second address: 9A0A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A0A01 second address: 9A0A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A0A05 second address: 9A0A79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FF518700CB8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 and edi, 316A4A72h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007FF518700CB8h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 jmp 00007FF518700CBBh 0x0000004d pop ebx 0x0000004e mov di, bx 0x00000051 xchg eax, esi 0x00000052 pushad 0x00000053 push eax 0x00000054 jmp 00007FF518700CBFh 0x00000059 pop eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push edi 0x0000005d pop edi 0x0000005e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A0A79 second address: 9A0A7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A0A7D second address: 9A0A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jng 00007FF518700CB6h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A28B9 second address: 9A28BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A28BD second address: 9A28E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF518700CC3h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A28E4 second address: 9A28E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A4A87 second address: 9A4A8D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A3B80 second address: 9A3BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF5188675A6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF5188675B9h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A3BA8 second address: 9A3BAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A695B second address: 9A699E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007FF5188675ACh 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF5188675B6h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A699E second address: 9A69AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A69AF second address: 9A69B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A6BBC second address: 9A6BDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FF518700CB6h 0x00000009 jmp 00007FF518700CC0h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A6BDF second address: 9A6BE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A6BE3 second address: 9A6BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A4C32 second address: 9A4C38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A4C38 second address: 9A4C3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A4C3C second address: 9A4CE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov di, B3CDh 0x0000000f push dword ptr fs:[00000000h] 0x00000016 or dword ptr [ebp+12484020h], ebx 0x0000001c mov ebx, dword ptr [ebp+122D1E31h] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007FF5188675A8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 mov di, ax 0x00000046 mov eax, dword ptr [ebp+122D02C9h] 0x0000004c push 00000000h 0x0000004e push ebp 0x0000004f call 00007FF5188675A8h 0x00000054 pop ebp 0x00000055 mov dword ptr [esp+04h], ebp 0x00000059 add dword ptr [esp+04h], 0000001Ch 0x00000061 inc ebp 0x00000062 push ebp 0x00000063 ret 0x00000064 pop ebp 0x00000065 ret 0x00000066 push FFFFFFFFh 0x00000068 nop 0x00000069 pushad 0x0000006a jmp 00007FF5188675B6h 0x0000006f jmp 00007FF5188675AEh 0x00000074 popad 0x00000075 push eax 0x00000076 push edi 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A4CE0 second address: 9A4CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A9B5D second address: 9A9BC9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF5188675ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FF5188675AFh 0x00000011 je 00007FF5188675BAh 0x00000017 jmp 00007FF5188675B4h 0x0000001c popad 0x0000001d nop 0x0000001e push 00000000h 0x00000020 push esi 0x00000021 call 00007FF5188675A8h 0x00000026 pop esi 0x00000027 mov dword ptr [esp+04h], esi 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc esi 0x00000034 push esi 0x00000035 ret 0x00000036 pop esi 0x00000037 ret 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c sub di, 8249h 0x00000041 push eax 0x00000042 push ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A8C91 second address: 9A8C95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A8C95 second address: 9A8D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, dword ptr [ebp+122D30E0h] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FF5188675A8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 xor dword ptr [ebp+122D198Bh], eax 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e mov dword ptr [ebp+122D1895h], eax 0x00000044 mov eax, dword ptr [ebp+122D0709h] 0x0000004a mov edi, 306C3724h 0x0000004f push FFFFFFFFh 0x00000051 push 00000000h 0x00000053 push edx 0x00000054 call 00007FF5188675A8h 0x00000059 pop edx 0x0000005a mov dword ptr [esp+04h], edx 0x0000005e add dword ptr [esp+04h], 00000019h 0x00000066 inc edx 0x00000067 push edx 0x00000068 ret 0x00000069 pop edx 0x0000006a ret 0x0000006b add di, 63AEh 0x00000070 nop 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 push ecx 0x00000076 pop ecx 0x00000077 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A8D1C second address: 9A8D2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9AAC7C second address: 9AACF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007FF5188675A8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 xor ebx, dword ptr [ebp+122D2A54h] 0x0000002c call 00007FF5188675AAh 0x00000031 mov di, ax 0x00000034 pop ebx 0x00000035 push 00000000h 0x00000037 mov dword ptr [ebp+122D195Dh], ecx 0x0000003d push 00000000h 0x0000003f jnl 00007FF5188675A9h 0x00000045 push eax 0x00000046 jl 00007FF5188675C7h 0x0000004c push eax 0x0000004d push edx 0x0000004e jc 00007FF5188675A6h 0x00000054 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A9CDD second address: 9A9CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9A9CE1 second address: 9A9CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9ABC76 second address: 9ABC98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FF518700CB6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF518700CC1h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9ABC98 second address: 9ABCFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675B6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov ebx, ecx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FF5188675A8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Bh 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c jnc 00007FF5188675ACh 0x00000032 stc 0x00000033 push 00000000h 0x00000035 mov ebx, dword ptr [ebp+122D2C60h] 0x0000003b xchg eax, esi 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f pop eax 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9AAE32 second address: 9AAE36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9AAE36 second address: 9AAE3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9AE0F5 second address: 9AE0F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9AE0F9 second address: 9AE115 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 94767A second address: 9476A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBEh 0x00000007 jmp 00007FF518700CBFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9476A1 second address: 9476B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF5188675AAh 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9B4CE7 second address: 9B4CF6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF518700CB8h 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 956793 second address: 9567A0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9567A0 second address: 9567A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9B44B5 second address: 9B44BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9B4785 second address: 9B479E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF518700CBFh 0x00000009 jl 00007FF518700CB6h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9B479E second address: 9B47A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BAA9A second address: 9BAAA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BAAA0 second address: 9BAAC1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF5188675B0h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jnp 00007FF5188675B0h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BAAC1 second address: 9BAACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BAACF second address: 9BAAFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007FF5188675ACh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BAAFB second address: 9BAB00 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BAD38 second address: 9BAD3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BAD3D second address: 7E3A29 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 je 00007FF518700CB6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 0E5BC436h 0x00000013 cld 0x00000014 push dword ptr [ebp+122D116Dh] 0x0000001a jmp 00007FF518700CC0h 0x0000001f call dword ptr [ebp+122D309Eh] 0x00000025 pushad 0x00000026 xor dword ptr [ebp+122D20BEh], eax 0x0000002c xor eax, eax 0x0000002e sub dword ptr [ebp+122D1ABEh], edx 0x00000034 mov edx, dword ptr [esp+28h] 0x00000038 pushad 0x00000039 jmp 00007FF518700CC4h 0x0000003e jmp 00007FF518700CBCh 0x00000043 popad 0x00000044 mov dword ptr [ebp+122D2A98h], eax 0x0000004a mov dword ptr [ebp+122D20BEh], edx 0x00000050 mov esi, 0000003Ch 0x00000055 sub dword ptr [ebp+122D1CB9h], eax 0x0000005b add esi, dword ptr [esp+24h] 0x0000005f pushad 0x00000060 cld 0x00000061 mov ecx, eax 0x00000063 popad 0x00000064 pushad 0x00000065 mov eax, dword ptr [ebp+122D2ACCh] 0x0000006b add dword ptr [ebp+122D1F48h], edx 0x00000071 popad 0x00000072 lodsw 0x00000074 jg 00007FF518700CC4h 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e cld 0x0000007f mov ebx, dword ptr [esp+24h] 0x00000083 add dword ptr [ebp+122D34E4h], esi 0x00000089 nop 0x0000008a push eax 0x0000008b push edx 0x0000008c pushad 0x0000008d jp 00007FF518700CB6h 0x00000093 push eax 0x00000094 push edx 0x00000095 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF4B6 second address: 9BF4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF4BD second address: 9BF501 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF518700CC6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007FF518700CC9h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jg 00007FF518700CC2h 0x00000018 pushad 0x00000019 push edx 0x0000001a pop edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF665 second address: 9BF66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF66B second address: 9BF671 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF78A second address: 9BF7A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675AAh 0x00000008 jnc 00007FF5188675A6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF7A4 second address: 9BF7AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF518700CB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF8D2 second address: 9BF8D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF8D6 second address: 9BF8FC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FF518700CC8h 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF8FC second address: 9BF900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BF900 second address: 9BF90C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BFA63 second address: 9BFA67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BFA67 second address: 9BFA6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BFE43 second address: 9BFE55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675AEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9BFE55 second address: 9BFE5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C4BC4 second address: 9C4BD2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C4BD2 second address: 9C4C10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF518700CC3h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FF518700CBDh 0x0000000f popad 0x00000010 push ecx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop ecx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FF518700CC0h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C4C10 second address: 9C4C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C4D51 second address: 9C4D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C4EE1 second address: 9C4EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FF5188675A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C5050 second address: 9C5075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBEh 0x00000009 popad 0x0000000a pushad 0x0000000b jnl 00007FF518700CB6h 0x00000011 pushad 0x00000012 popad 0x00000013 js 00007FF518700CB6h 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C51CE second address: 9C51FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675ADh 0x00000009 jp 00007FF5188675A6h 0x0000000f popad 0x00000010 jc 00007FF5188675B2h 0x00000016 jmp 00007FF5188675ACh 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C51FC second address: 9C5200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C5200 second address: 9C5210 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007FF5188675A6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C5362 second address: 9C5366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C54E1 second address: 9C54E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C54E5 second address: 9C54E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C54E9 second address: 9C54EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9782BA second address: 9782BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9782BE second address: 9782DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FF5188675AAh 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007FF5188675ADh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9782DE second address: 9782E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C596E second address: 9C597A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF5188675A6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C951F second address: 9C956A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jne 00007FF518700CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 je 00007FF518700CB6h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c popad 0x0000001d pushad 0x0000001e jmp 00007FF518700CC2h 0x00000023 push eax 0x00000024 push edx 0x00000025 push edi 0x00000026 pop edi 0x00000027 jmp 00007FF518700CC7h 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990DB3 second address: 990DB9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 990DB9 second address: 990DF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF518700CBFh 0x00000008 jbe 00007FF518700CB6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 jmp 00007FF518700CC6h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 99143A second address: 99144B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007FF5188675A8h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991C51 second address: 991C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FF518700CB8h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991D6A second address: 991D6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991F85 second address: 991F8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991F8B second address: 991F8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991F8F second address: 991F9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991F9E second address: 991FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991FA2 second address: 991FA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991FA8 second address: 9782BA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007FF5188675A6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d movzx edi, bx 0x00000010 mov ecx, dword ptr [ebp+122D19D3h] 0x00000016 lea eax, dword ptr [ebp+12480A0Ah] 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007FF5188675A8h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 0000001Ch 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 jc 00007FF5188675ABh 0x0000003c pushad 0x0000003d stc 0x0000003e mov edx, eax 0x00000040 popad 0x00000041 or ecx, dword ptr [ebp+122D30B7h] 0x00000047 push eax 0x00000048 jmp 00007FF5188675B4h 0x0000004d mov dword ptr [esp], eax 0x00000050 sbb dx, D7B5h 0x00000055 lea eax, dword ptr [ebp+124809C6h] 0x0000005b jbe 00007FF5188675ACh 0x00000061 push eax 0x00000062 jmp 00007FF5188675AFh 0x00000067 mov dword ptr [esp], eax 0x0000006a movsx edi, ax 0x0000006d call dword ptr [ebp+12453473h] 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push edx 0x00000078 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C994D second address: 9C995F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FF518700CB6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C995F second address: 9C9963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C9963 second address: 9C9978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C9978 second address: 9C9993 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF5188675AAh 0x00000008 jmp 00007FF5188675ACh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9C9ACA second address: 9C9AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FF518700CC4h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CDB8E second address: 9CDB92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9D35FC second address: 9D361E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF518700CCAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9D361E second address: 9D3624 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9D38F6 second address: 9D38FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9D38FD second address: 9D3903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9D6F6E second address: 9D6F72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9DA210 second address: 9DA243 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FF5188675ACh 0x00000010 jmp 00007FF5188675AAh 0x00000015 popad 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9D9DA0 second address: 9D9DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9DB89A second address: 9DB8A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 js 00007FF5188675A6h 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9DB8A7 second address: 9DB8AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9DB8AC second address: 9DB8CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF5188675A6h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esi 0x0000000e push edi 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 ja 00007FF5188675A6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9DE91F second address: 9DE929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF518700CB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9DE929 second address: 9DE92F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9DE92F second address: 9DE940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jnp 00007FF518700CB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 94400A second address: 94400E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9E6D97 second address: 9E6DBA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push edx 0x00000008 jmp 00007FF518700CC1h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 jc 00007FF518700CB6h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9E703E second address: 9E7095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675B9h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF5188675AEh 0x00000011 ja 00007FF5188675C9h 0x00000017 jmp 00007FF5188675B2h 0x0000001c jmp 00007FF5188675B1h 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9E7095 second address: 9E709A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9E71C6 second address: 9E71D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9E71D5 second address: 9E71DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991AB0 second address: 991AB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991AB6 second address: 991B20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, cx 0x00000011 mov ebx, dword ptr [ebp+12480A05h] 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007FF518700CB8h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 jl 00007FF518700CCDh 0x00000037 pushad 0x00000038 movsx eax, si 0x0000003b call 00007FF518700CC1h 0x00000040 pop ecx 0x00000041 popad 0x00000042 add eax, ebx 0x00000044 mov ecx, 004B8506h 0x00000049 movsx edx, ax 0x0000004c nop 0x0000004d push eax 0x0000004e push edx 0x0000004f push esi 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991B20 second address: 991B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 991B25 second address: 991B3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnp 00007FF518700CC4h 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007FF518700CB6h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9EA6DE second address: 9EA6F0 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FF5188675A6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9EDC12 second address: 9EDC20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FF518700CB6h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9EDC20 second address: 9EDC39 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FF5188675AEh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9EDC39 second address: 9EDC44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FF518700CB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9EE3BE second address: 9EE3C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6DE4 second address: 9F6E18 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF518700CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007FF518700CBEh 0x00000010 pushad 0x00000011 popad 0x00000012 jns 00007FF518700CB6h 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF518700CC6h 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6E18 second address: 9F6E1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6E1C second address: 9F6E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF518700CC2h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6E38 second address: 9F6E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6E3C second address: 9F6E40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6E40 second address: 9F6E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F5368 second address: 9F536C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6249 second address: 9F6256 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6256 second address: 9F6260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6260 second address: 9F6266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F67CF second address: 9F67D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F67D3 second address: 9F67F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FF5188675B2h 0x0000000f jl 00007FF5188675A6h 0x00000015 jne 00007FF5188675A6h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F67F5 second address: 9F67FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6ADB second address: 9F6AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6AE4 second address: 9F6AF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF518700CB6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6AF0 second address: 9F6B00 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6B00 second address: 9F6B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F6B04 second address: 9F6B0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F9F17 second address: 9F9F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FF518700CB8h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F9F34 second address: 9F9F38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9F9F38 second address: 9F9F48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9FA793 second address: 9FA7BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675AFh 0x00000007 jmp 00007FF5188675B9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9FA7BF second address: 9FA7D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CBCh 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9FA962 second address: 9FA96C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF5188675A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9FA96C second address: 9FA975 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9FAAD7 second address: 9FAADC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A01980 second address: A01984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A079E5 second address: A07A05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B6h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A07A05 second address: A07A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A07B6F second address: A07B83 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF5188675A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FF5188675A6h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A0865B second address: A0866B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007FF518700CB6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A09629 second address: A09639 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF5188675B2h 0x00000008 js 00007FF5188675A6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A07505 second address: A0750A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A0FEAB second address: A0FEB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A0FFFC second address: A1000A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FF518700CB6h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A1000A second address: A1001F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A1001F second address: A10025 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A10025 second address: A10029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A10029 second address: A1002D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A1CE69 second address: A1CE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A220AF second address: A220DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF518700CC8h 0x0000000d jmp 00007FF518700CBBh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A220DA second address: A220E4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF5188675B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A220E4 second address: A220EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A21D58 second address: A21D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FF5188675ACh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A21D6C second address: A21D77 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A21D77 second address: A21D8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF5188675AFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A307F5 second address: A307FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A39F05 second address: A39F09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A39F09 second address: A39F27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF518700CBDh 0x0000000c je 00007FF518700CB6h 0x00000012 popad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A089 second address: A3A093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FF5188675A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A093 second address: A3A09D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF518700CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A388 second address: A3A392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF5188675A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A392 second address: A3A3B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A3B0 second address: A3A3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A3B6 second address: A3A3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 ja 00007FF518700CB6h 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A3C8 second address: A3A3D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3A3D7 second address: A3A3DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3AF42 second address: A3AF4E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3AF4E second address: A3AF52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3AF52 second address: A3AF56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3AF56 second address: A3AF78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CC9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A3D923 second address: A3D96B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B7h 0x00000007 jmp 00007FF5188675B7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 jp 00007FF5188675ACh 0x00000016 jg 00007FF5188675A6h 0x0000001c jp 00007FF5188675C2h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5B5CA second address: A5B609 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007FF518700CC5h 0x0000000e jmp 00007FF518700CBEh 0x00000013 popad 0x00000014 jmp 00007FF518700CC2h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5B609 second address: A5B625 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675B0h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FF5188675A6h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5D377 second address: A5D393 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF518700CC6h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5D393 second address: A5D399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5D399 second address: A5D39F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5D39F second address: A5D3B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FF5188675ACh 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5D3B7 second address: A5D3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5D4E9 second address: A5D4ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A5D4ED second address: A5D4F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A75D40 second address: A75D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A75D49 second address: A75D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jnp 00007FF518700CB6h 0x0000000c je 00007FF518700CB6h 0x00000012 js 00007FF518700CB6h 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A75D62 second address: A75D71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 jno 00007FF5188675A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A75EB4 second address: A75EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF518700CB6h 0x0000000a jmp 00007FF518700CC6h 0x0000000f popad 0x00000010 pop edi 0x00000011 pushad 0x00000012 ja 00007FF518700CBCh 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7618B second address: A76199 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A76199 second address: A7619F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7673A second address: A7673E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7673E second address: A7674F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jne 00007FF518700CD2h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7674F second address: A76753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A76753 second address: A76761 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FF518700CBEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A768CE second address: A768D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A768D5 second address: A7690B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FF518700CC4h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF518700CC1h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7690B second address: A7691A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF5188675ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A76BDB second address: A76BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A78554 second address: A78558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A78558 second address: A7856D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007FF518700CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jnl 00007FF518700CB6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7856D second address: A78578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A78578 second address: A78586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF518700CBAh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A78586 second address: A7858C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7858C second address: A785A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FF518700CC2h 0x0000000c push ecx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A785A9 second address: A785B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7ADA7 second address: A7ADAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7ADAC second address: A7ADCF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FF5188675A6h 0x00000009 je 00007FF5188675A6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FF5188675AEh 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7B091 second address: A7B0CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF518700CB6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c mov dword ptr [esp], eax 0x0000000f push ecx 0x00000010 mov dh, al 0x00000012 pop edx 0x00000013 mov edx, dword ptr [ebp+12450216h] 0x00000019 push 00000004h 0x0000001b call 00007FF518700CBAh 0x00000020 xor dh, 00000016h 0x00000023 pop edx 0x00000024 mov edx, edi 0x00000026 push 5047B3E0h 0x0000002b jg 00007FF518700CBEh 0x00000031 push ecx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7CD26 second address: A7CD2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7CD2B second address: A7CD31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7CD31 second address: A7CD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7CD3B second address: A7CD43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7E7EC second address: A7E808 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF5188675B6h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: A7E808 second address: A7E819 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FF518700CB6h 0x00000009 jbe 00007FF518700CB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 959DF2 second address: 959DF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 50C0CAB second address: 50C0D41 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ecx, dword ptr [eax+00000FDCh] 0x0000000d jmp 00007FF518700CBAh 0x00000012 test ecx, ecx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FF518700CBEh 0x0000001b or eax, 1A75E058h 0x00000021 jmp 00007FF518700CBBh 0x00000026 popfd 0x00000027 mov bh, ah 0x00000029 popad 0x0000002a jns 00007FF518700CD7h 0x00000030 jmp 00007FF518700CBBh 0x00000035 add eax, ecx 0x00000037 pushad 0x00000038 mov ebx, ecx 0x0000003a jmp 00007FF518700CC0h 0x0000003f popad 0x00000040 mov eax, dword ptr [eax+00000860h] 0x00000046 jmp 00007FF518700CC0h 0x0000004b test eax, eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FF518700CC7h 0x00000054 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 50C0D41 second address: 50C0D59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF5188675B4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 50C0D59 second address: 50C0D5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 50C0D5D second address: 50C0D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FF58921D5A0h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 50C0D71 second address: 50C0D77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |