Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082831639.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000002.2083733508.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082972525.0000000001002000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082831639.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082831639.0000000001000000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083733508.0000000001003000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000002.2083733508.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082935416.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082831639.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083768341.000000000102C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000002.2083733508.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082831639.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2083594000.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.2082791539.0000000001065000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082791539.0000000001060000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082831639.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.2082972525.000000000100D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 2B3C4B second address: 2B3C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 2B3C4F second address: 2B3C53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 412FFF second address: 413041 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBD0D1E3BE2h 0x00000008 push ebx 0x00000009 jne 00007FBD0D1E3BD6h 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 jmp 00007FBD0D1E3BDFh 0x0000001a push ecx 0x0000001b jg 00007FBD0D1E3BD6h 0x00000021 js 00007FBD0D1E3BD6h 0x00000027 pop ecx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 413041 second address: 413045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 413045 second address: 413049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4310FD second address: 431114 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D0D9CF3h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4312A5 second address: 4312BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D1E3BE0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4312BB second address: 4312BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4316DE second address: 4316E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434563 second address: 4345EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push edi 0x0000000d ja 00007FBD0D0D9CE6h 0x00000013 pop edi 0x00000014 jmp 00007FBD0D0D9CF9h 0x00000019 popad 0x0000001a nop 0x0000001b push 00000000h 0x0000001d mov cl, ah 0x0000001f adc si, AE20h 0x00000024 call 00007FBD0D0D9CE9h 0x00000029 jns 00007FBD0D0D9CEAh 0x0000002f push ebx 0x00000030 push eax 0x00000031 pop eax 0x00000032 pop ebx 0x00000033 push eax 0x00000034 jmp 00007FBD0D0D9CF9h 0x00000039 mov eax, dword ptr [esp+04h] 0x0000003d push ecx 0x0000003e push edi 0x0000003f push esi 0x00000040 pop esi 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 mov eax, dword ptr [eax] 0x00000045 pushad 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4345EC second address: 4345F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4345F0 second address: 43460F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FBD0D0D9CEEh 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 43460F second address: 434614 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434614 second address: 4346AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007FBD0D0D9CE8h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 jmp 00007FBD0D0D9CEEh 0x00000027 push 00000003h 0x00000029 sub dword ptr [ebp+122D2D4Ah], eax 0x0000002f push 00000000h 0x00000031 mov edx, dword ptr [ebp+122D2C76h] 0x00000037 push 00000003h 0x00000039 push 00000000h 0x0000003b push esi 0x0000003c call 00007FBD0D0D9CE8h 0x00000041 pop esi 0x00000042 mov dword ptr [esp+04h], esi 0x00000046 add dword ptr [esp+04h], 0000001Dh 0x0000004e inc esi 0x0000004f push esi 0x00000050 ret 0x00000051 pop esi 0x00000052 ret 0x00000053 mov ecx, dword ptr [ebp+122D2CAAh] 0x00000059 push 961475D1h 0x0000005e jnp 00007FBD0D0D9D19h 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007FBD0D0D9CF8h 0x0000006b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434766 second address: 434770 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434770 second address: 434774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434774 second address: 434778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434778 second address: 434820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edx, dword ptr [ebp+122D29F2h] 0x0000000e push 00000000h 0x00000010 jns 00007FBD0D0D9CECh 0x00000016 or ecx, 45BD9D2Fh 0x0000001c push 4F355109h 0x00000021 pushad 0x00000022 jnc 00007FBD0D0D9CE8h 0x00000028 push edi 0x00000029 push esi 0x0000002a pop esi 0x0000002b pop edi 0x0000002c popad 0x0000002d xor dword ptr [esp], 4F355189h 0x00000034 clc 0x00000035 push 00000003h 0x00000037 push ebx 0x00000038 mov edx, 03CF7AF5h 0x0000003d pop edi 0x0000003e mov dword ptr [ebp+122D1C74h], edi 0x00000044 push 00000000h 0x00000046 pushad 0x00000047 jmp 00007FBD0D0D9CF7h 0x0000004c ja 00007FBD0D0D9CE7h 0x00000052 popad 0x00000053 push 00000003h 0x00000055 push 00000000h 0x00000057 push edx 0x00000058 call 00007FBD0D0D9CE8h 0x0000005d pop edx 0x0000005e mov dword ptr [esp+04h], edx 0x00000062 add dword ptr [esp+04h], 00000015h 0x0000006a inc edx 0x0000006b push edx 0x0000006c ret 0x0000006d pop edx 0x0000006e ret 0x0000006f jl 00007FBD0D0D9CEBh 0x00000075 sub si, 79D3h 0x0000007a call 00007FBD0D0D9CE9h 0x0000007f push eax 0x00000080 push edx 0x00000081 jmp 00007FBD0D0D9CEBh 0x00000086 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434820 second address: 434835 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D1E3BE1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434835 second address: 43486E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e jp 00007FBD0D0D9CECh 0x00000014 pop eax 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push ebx 0x0000001a jmp 00007FBD0D0D9CF1h 0x0000001f pop ebx 0x00000020 mov eax, dword ptr [eax] 0x00000022 push ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 push ecx 0x00000026 pop ecx 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 43486E second address: 434872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434872 second address: 4348B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jo 00007FBD0D0D9CF6h 0x00000011 jmp 00007FBD0D0D9CF0h 0x00000016 pop eax 0x00000017 mov dx, 678Fh 0x0000001b lea ebx, dword ptr [ebp+12454441h] 0x00000021 jmp 00007FBD0D0D9CEAh 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a push esi 0x0000002b pop esi 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4348B0 second address: 4348B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434991 second address: 434A00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b js 00007FBD0D0D9CEAh 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 pop eax 0x00000016 mov di, F9B5h 0x0000001a mov esi, dword ptr [ebp+122D2BCAh] 0x00000020 push 00000003h 0x00000022 push ecx 0x00000023 sbb cl, 00000072h 0x00000026 pop edx 0x00000027 push 00000000h 0x00000029 or cx, 7B9Fh 0x0000002e push 00000003h 0x00000030 push 00000000h 0x00000032 push ecx 0x00000033 call 00007FBD0D0D9CE8h 0x00000038 pop ecx 0x00000039 mov dword ptr [esp+04h], ecx 0x0000003d add dword ptr [esp+04h], 00000019h 0x00000045 inc ecx 0x00000046 push ecx 0x00000047 ret 0x00000048 pop ecx 0x00000049 ret 0x0000004a jmp 00007FBD0D0D9CF3h 0x0000004f push CC1D1200h 0x00000054 push eax 0x00000055 push edx 0x00000056 push edi 0x00000057 pushad 0x00000058 popad 0x00000059 pop edi 0x0000005a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 434A00 second address: 434A0A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBD0D1E3BDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4457DC second address: 4457E6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4532D1 second address: 4532E1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBD0D1E3BD6h 0x00000008 jo 00007FBD0D1E3BD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453749 second address: 45377E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FBD0D0D9CE6h 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FBD0D0D9CEBh 0x00000013 pushad 0x00000014 jnc 00007FBD0D0D9CE6h 0x0000001a jmp 00007FBD0D0D9CF2h 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453A0A second address: 453A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453A0E second address: 453A17 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453A17 second address: 453A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453CE2 second address: 453CF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CECh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453E8B second address: 453E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453E8F second address: 453E93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453E93 second address: 453E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 453E99 second address: 453EA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D0D9CECh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45400F second address: 454030 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BDFh 0x00000007 jmp 00007FBD0D1E3BDEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45417A second address: 454180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 454180 second address: 4541A6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FBD0D1E3BF2h 0x0000000e jmp 00007FBD0D1E3BE6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4541A6 second address: 4541C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jc 00007FBD0D0D9CE6h 0x0000000c jmp 00007FBD0D0D9CF3h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 44B752 second address: 44B756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 454E52 second address: 454E70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CF7h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4550FE second address: 455102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 458441 second address: 458447 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 458447 second address: 45844B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45844B second address: 45846E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBD0D0D9CF8h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45846E second address: 45853D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007FBD0D1E3BE4h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 cld 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e pushad 0x0000001f ja 00007FBD0D1E3BDCh 0x00000025 adc edx, 2927BD97h 0x0000002b sub bx, 3BEFh 0x00000030 popad 0x00000031 lea eax, dword ptr [ebp+124789ABh] 0x00000037 jl 00007FBD0D1E3BE1h 0x0000003d mov dword ptr [eax+01h], esp 0x00000040 cmc 0x00000041 lea eax, dword ptr [ebp+124789B1h] 0x00000047 push 00000000h 0x00000049 push esi 0x0000004a call 00007FBD0D1E3BD8h 0x0000004f pop esi 0x00000050 mov dword ptr [esp+04h], esi 0x00000054 add dword ptr [esp+04h], 00000017h 0x0000005c inc esi 0x0000005d push esi 0x0000005e ret 0x0000005f pop esi 0x00000060 ret 0x00000061 stc 0x00000062 jnc 00007FBD0D1E3BD7h 0x00000068 cld 0x00000069 mov dword ptr [eax+01h], ebp 0x0000006c jmp 00007FBD0D1E3BE1h 0x00000071 mov byte ptr [ebp+122D2D55h], 0000004Fh 0x00000078 jmp 00007FBD0D1E3BE1h 0x0000007d push 839F993Ah 0x00000082 js 00007FBD0D1E3BE0h 0x00000088 pushad 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 45754A second address: 45754E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 458639 second address: 458661 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007FBD0D1E3BD6h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 458661 second address: 458667 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 458667 second address: 458689 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FBD0D1E3BD6h 0x00000009 jl 00007FBD0D1E3BD6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jp 00007FBD0D1E3BD6h 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 458689 second address: 4586DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jp 00007FBD0D0D9D01h 0x00000011 jg 00007FBD0D0D9CFBh 0x00000017 jmp 00007FBD0D0D9CF5h 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FBD0D0D9CF9h 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4586DF second address: 4586E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4586E3 second address: 4586E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4586E9 second address: 4586EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4586EF second address: 4586F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4586F3 second address: 4586F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4588C5 second address: 4588CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 414A4C second address: 414A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460AC2 second address: 460AC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460AC6 second address: 460ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460ACC second address: 460AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FBD0D0D9CEAh 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 je 00007FBD0D0D9CEEh 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 42C0CE second address: 42C0D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 42C0D4 second address: 42C0E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FBD0D0D9CE8h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460369 second address: 46036D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460603 second address: 460612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jnc 00007FBD0D0D9CE6h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460612 second address: 460634 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BDDh 0x00000007 jmp 00007FBD0D1E3BE1h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46091A second address: 460937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CF9h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460937 second address: 46093B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46093B second address: 460947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 460947 second address: 46094D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46094D second address: 460967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FBD0D0D9CF5h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4626B7 second address: 4626BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462834 second address: 462852 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462852 second address: 462856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462A36 second address: 462A4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FBD0D0D9CE6h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push esi 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462B36 second address: 462B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462C21 second address: 462C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462C25 second address: 462C2F instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462CEA second address: 462CFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462CFD second address: 462D10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D1E3BDFh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 462D10 second address: 462D14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46317E second address: 463187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 463187 second address: 46318B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46318B second address: 4631F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebx 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007FBD0D1E3BD8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 movsx esi, ax 0x00000027 nop 0x00000028 pushad 0x00000029 jns 00007FBD0D1E3BDCh 0x0000002f jmp 00007FBD0D1E3BE2h 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FBD0D1E3BE9h 0x0000003d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4632AE second address: 4632B3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4634A4 second address: 4634A9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46363D second address: 463643 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4636CC second address: 4636EF instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov esi, eax 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 jmp 00007FBD0D1E3BDEh 0x00000019 pop ebx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4636EF second address: 463720 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FBD0D0D9CEDh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FBD0D0D9CF9h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 463720 second address: 463726 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 464763 second address: 464767 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 464767 second address: 46476D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 464F56 second address: 464F71 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBD0D0D9CECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnp 00007FBD0D0D9CF8h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 464F71 second address: 464F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46630E second address: 466360 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBD0D0D9CECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d je 00007FBD0D0D9CF2h 0x00000013 jmp 00007FBD0D0D9CECh 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b xor esi, dword ptr [ebp+12465E02h] 0x00000021 pop esi 0x00000022 push 00000000h 0x00000024 xchg eax, ebx 0x00000025 jmp 00007FBD0D0D9CF6h 0x0000002a push eax 0x0000002b jo 00007FBD0D0D9CF4h 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 464F75 second address: 464F79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 467954 second address: 4679EA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FBD0D0D9CF0h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FBD0D0D9CE8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c mov dword ptr [ebp+122D1C0Fh], esi 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ebp 0x00000037 call 00007FBD0D0D9CE8h 0x0000003c pop ebp 0x0000003d mov dword ptr [esp+04h], ebp 0x00000041 add dword ptr [esp+04h], 00000019h 0x00000049 inc ebp 0x0000004a push ebp 0x0000004b ret 0x0000004c pop ebp 0x0000004d ret 0x0000004e mov di, si 0x00000051 push 00000000h 0x00000053 xchg eax, ebx 0x00000054 pushad 0x00000055 pushad 0x00000056 jmp 00007FBD0D0D9CF3h 0x0000005b jmp 00007FBD0D0D9CF2h 0x00000060 popad 0x00000061 push eax 0x00000062 push edx 0x00000063 push edi 0x00000064 pop edi 0x00000065 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 467699 second address: 46769E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46AA40 second address: 46AA6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007FBD0D0D9CECh 0x00000011 jmp 00007FBD0D0D9CEEh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4696EB second address: 4696EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46AA6A second address: 46AA75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FBD0D0D9CE6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4696EF second address: 4696F5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 422112 second address: 422116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 422116 second address: 422124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FBD0D1E3BDCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 422124 second address: 422128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 422128 second address: 42212E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 42212E second address: 422132 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46E9C6 second address: 46EA35 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBD0D1E3BDCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+1246D60Fh], eax 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FBD0D1E3BD8h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007FBD0D1E3BD8h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b mov ebx, dword ptr [ebp+122D2C62h] 0x00000051 or bh, FFFFFFFDh 0x00000054 xchg eax, esi 0x00000055 pushad 0x00000056 pushad 0x00000057 jc 00007FBD0D1E3BD6h 0x0000005d pushad 0x0000005e popad 0x0000005f popad 0x00000060 push eax 0x00000061 push edx 0x00000062 push ebx 0x00000063 pop ebx 0x00000064 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46F9A6 second address: 46F9B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FBD0D0D9CE6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46F9B6 second address: 46F9BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 470A88 second address: 470A9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D0D9CF0h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4736E6 second address: 4736EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4736EA second address: 4736F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 475756 second address: 4757C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 nop 0x00000009 movzx edi, bx 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007FBD0D1E3BD8h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 pushad 0x00000029 jmp 00007FBD0D1E3BDAh 0x0000002e mov dword ptr [ebp+122D34DCh], edi 0x00000034 popad 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a call 00007FBD0D1E3BD8h 0x0000003f pop edi 0x00000040 mov dword ptr [esp+04h], edi 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc edi 0x0000004d push edi 0x0000004e ret 0x0000004f pop edi 0x00000050 ret 0x00000051 xchg eax, esi 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 jnp 00007FBD0D1E3BD6h 0x0000005b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4757C5 second address: 4757D2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 47EC70 second address: 47EC74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4769E0 second address: 4769F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4769F9 second address: 476A0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBD0D1E3BDEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 477A8A second address: 477A94 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 479FE0 second address: 479FEA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 47F304 second address: 47F35B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push esi 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop esi 0x0000000c pop ebx 0x0000000d nop 0x0000000e mov bh, al 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FBD0D0D9CE8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c or bx, 00E7h 0x00000031 mov edi, eax 0x00000033 push 00000000h 0x00000035 movzx ebx, cx 0x00000038 xchg eax, esi 0x00000039 push ebx 0x0000003a jnp 00007FBD0D0D9CECh 0x00000040 jg 00007FBD0D0D9CE6h 0x00000046 pop ebx 0x00000047 push eax 0x00000048 jl 00007FBD0D0D9CF4h 0x0000004e push eax 0x0000004f push edx 0x00000050 push edi 0x00000051 pop edi 0x00000052 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 477A94 second address: 477AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D1E3BDDh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 479FEA second address: 479FF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FBD0D0D9CE6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 47A0BE second address: 47A0C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FBD0D1E3BD6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48028C second address: 4802BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push ecx 0x00000008 jnp 00007FBD0D0D9CECh 0x0000000e pop ecx 0x0000000f nop 0x00000010 sub di, 1682h 0x00000015 push 00000000h 0x00000017 mov bx, di 0x0000001a sub dword ptr [ebp+122D2F1Dh], ecx 0x00000020 push 00000000h 0x00000022 mov ebx, dword ptr [ebp+122D2BC2h] 0x00000028 push eax 0x00000029 push eax 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 482CA5 second address: 482CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jp 00007FBD0D1E3BE1h 0x0000000b jmp 00007FBD0D1E3BDBh 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007FBD0D1E3BD6h 0x00000018 ja 00007FBD0D1E3BD6h 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48AF43 second address: 48AF59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48AF59 second address: 48AF5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41811B second address: 41811F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A66D second address: 48A685 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FBD0D1E3BDEh 0x00000010 jc 00007FBD0D1E3BD6h 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A7D0 second address: 48A7D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A7D4 second address: 48A7E2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A7E2 second address: 48A7FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CF9h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A7FF second address: 48A828 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FBD0D1E3BDCh 0x0000000c jbe 00007FBD0D1E3BD6h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FBD0D1E3BE1h 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A828 second address: 48A833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FBD0D0D9CE6h 0x0000000a pop ebx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A833 second address: 48A83D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FBD0D1E3BD6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48A83D second address: 48A84A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48AB26 second address: 48AB2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48F9BD second address: 48F9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 48F9C1 second address: 48F9C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4948FC second address: 494915 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jne 00007FBD0D0D9CF8h 0x00000011 js 00007FBD0D0D9CECh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 494AA1 second address: 494AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 494AA5 second address: 494ACE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007FBD0D0D9CE8h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 494ACE second address: 494AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 494DCA second address: 494DD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FBD0D0D9CE6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 495098 second address: 49509C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 495333 second address: 495338 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49ACE6 second address: 49AD05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE6h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49AD05 second address: 49AD09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49AD09 second address: 49AD0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4998D8 second address: 4998DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4998DF second address: 49990A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE7h 0x00000007 push edi 0x00000008 jmp 00007FBD0D1E3BDFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 499A32 second address: 499A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 499E7F second address: 499E8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FBD0D1E3BD6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 499E8E second address: 499E94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 499E94 second address: 499E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 499E9D second address: 499ECE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF5h 0x00000007 ja 00007FBD0D0D9CE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 jnp 00007FBD0D0D9CECh 0x00000017 jbe 00007FBD0D0D9CE6h 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 pop edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49A3D7 second address: 49A3F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE0h 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jnc 00007FBD0D1E3BD6h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49A52B second address: 49A54E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF9h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4165AA second address: 4165C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4165C3 second address: 4165E6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FBD0D0D9CF6h 0x00000008 pop ecx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49AAFC second address: 49AB19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE2h 0x00000009 jp 00007FBD0D1E3BD6h 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49AB19 second address: 49AB81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF4h 0x00000007 pushad 0x00000008 jmp 00007FBD0D0D9CF9h 0x0000000d jmp 00007FBD0D0D9CF5h 0x00000012 jmp 00007FBD0D0D9CF9h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49AB81 second address: 49ABBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007FBD0D1E3BD8h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007FBD0D1E3BDEh 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007FBD0D1E3BE5h 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 499494 second address: 49949A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 49949A second address: 4994A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4994A7 second address: 4994AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A2BAF second address: 4A2BB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A2BB3 second address: 4A2BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A2BB9 second address: 4A2BBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A1AC5 second address: 4A1AC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46B6CE second address: 44B752 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jo 00007FBD0D1E3BD6h 0x00000012 popad 0x00000013 popad 0x00000014 nop 0x00000015 jc 00007FBD0D1E3BEDh 0x0000001b call dword ptr [ebp+122D2FCAh] 0x00000021 jmp 00007FBD0D1E3BE0h 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46BBB1 second address: 46BBBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FBD0D0D9CE6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46BD2C second address: 46BD51 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007FBD0D1E3BD6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xor dword ptr [esp], 6BFA8C25h 0x00000013 and cl, FFFFFFA8h 0x00000016 push 4F68897Eh 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e jbe 00007FBD0D1E3BD6h 0x00000024 pop ecx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46C1A0 second address: 46C21B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FBD0D0D9CE6h 0x00000009 jmp 00007FBD0D0D9CF1h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007FBD0D0D9CF8h 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007FBD0D0D9CE8h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 adc di, 4377h 0x00000037 push 00000004h 0x00000039 jmp 00007FBD0D0D9CF2h 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 push esi 0x00000043 pop esi 0x00000044 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46C8BE second address: 46C8C8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46C9C9 second address: 46C9F4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FBD0D0D9CE8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jnl 00007FBD0D0D9CE8h 0x00000013 lea eax, dword ptr [ebp+1248B459h] 0x00000019 add edi, 4A78A901h 0x0000001f nop 0x00000020 jc 00007FBD0D0D9CF4h 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46C9F4 second address: 46CA05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FBD0D1E3BD6h 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A21B9 second address: 4A21BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A235A second address: 4A2367 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A2367 second address: 4A2385 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CF8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A2385 second address: 4A23A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FBD0D1E3BDFh 0x0000000c jc 00007FBD0D1E3BD6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A23A1 second address: 4A23C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF4h 0x00000007 jc 00007FBD0D0D9CE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A23C5 second address: 4A23C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A23C9 second address: 4A23D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A906A second address: 4A9081 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FBD0D1E3BDCh 0x00000008 pushad 0x00000009 jns 00007FBD0D1E3BD6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A9081 second address: 4A9093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FBD0D0D9CE6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A9093 second address: 4A9099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A7E3D second address: 4A7E69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FBD0D0D9CEEh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FBD0D0D9CF3h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8348 second address: 4A8380 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBD0D1E3BD6h 0x00000008 js 00007FBD0D1E3BD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jnp 00007FBD0D1E3BF0h 0x00000016 push esi 0x00000017 pop esi 0x00000018 jmp 00007FBD0D1E3BE8h 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8380 second address: 4A838B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A838B second address: 4A83A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE6h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8502 second address: 4A8508 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8508 second address: 4A850E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A7AFC second address: 4A7B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A7B02 second address: 4A7B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A7B07 second address: 4A7B0C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A7B0C second address: 4A7B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE4h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A87E2 second address: 4A87E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A87E8 second address: 4A8807 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d je 00007FBD0D1E3BD6h 0x00000013 popad 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 jns 00007FBD0D1E3BD8h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8957 second address: 4A895C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A895C second address: 4A8970 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c jne 00007FBD0D1E3BDCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8A8B second address: 4A8A99 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8A99 second address: 4A8A9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8A9D second address: 4A8AB3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jo 00007FBD0D0D9CE6h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8AB3 second address: 4A8AB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8D72 second address: 4A8D98 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBD0D0D9CF4h 0x00000011 jo 00007FBD0D0D9CE6h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A8D98 second address: 4A8DA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FBD0D1E3BD6h 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED57 second address: 41ED5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED5B second address: 41ED60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED60 second address: 41ED71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED71 second address: 41ED75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED75 second address: 41ED79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED79 second address: 41ED83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop ecx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED83 second address: 41ED88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 41ED88 second address: 41ED98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FBD0D1E3BD6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4AE97E second address: 4AE984 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4AE984 second address: 4AE988 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B14E1 second address: 4B14F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FBD0D0D9CEBh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B14F6 second address: 4B150F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B17F5 second address: 4B17FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B3325 second address: 4B332B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B332B second address: 4B3332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B8680 second address: 4B86A7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FBD0D1E3BD6h 0x00000008 jmp 00007FBD0D1E3BE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B86A7 second address: 4B86AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B86AB second address: 4B86C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B86C9 second address: 4B86EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBD0D0D9CF9h 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B86EE second address: 4B86F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B86F4 second address: 4B86FA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B8853 second address: 4B8857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B8857 second address: 4B8883 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF0h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FBD0D0D9CECh 0x00000016 pop eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B8883 second address: 4B8889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B8889 second address: 4B889E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FBD0D0D9CEEh 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B889E second address: 4B88B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D1E3BDEh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B88B0 second address: 4B88DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CEDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007FBD0D0D9CE6h 0x00000013 jmp 00007FBD0D0D9CF1h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46C4C6 second address: 46C4CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46C4CA second address: 46C4D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4B8D1C second address: 4B8D26 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBD0D1E3BDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE7F3 second address: 4BE7F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE7F9 second address: 4BE802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE802 second address: 4BE806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE806 second address: 4BE80A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE80A second address: 4BE810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BDB45 second address: 4BDB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BDB50 second address: 4BDB54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BDB54 second address: 4BDB5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BDC8E second address: 4BDCE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007FBD0D0D9CECh 0x0000000f jno 00007FBD0D0D9CE6h 0x00000015 jmp 00007FBD0D0D9CF1h 0x0000001a popad 0x0000001b push ecx 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f pop edx 0x00000020 js 00007FBD0D0D9CF7h 0x00000026 jmp 00007FBD0D0D9CEBh 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BDE06 second address: 4BDE0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE0D4 second address: 4BE0F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FBD0D0D9CE6h 0x0000000c popad 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007FBD0D0D9CF1h 0x00000016 jmp 00007FBD0D0D9CEBh 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE240 second address: 4BE24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4BE3C2 second address: 4BE3E1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jl 00007FBD0D0D9D0Dh 0x0000000f jmp 00007FBD0D0D9CECh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C1800 second address: 4C1806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C1806 second address: 4C1830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jl 00007FBD0D0D9CE6h 0x0000000c popad 0x0000000d jmp 00007FBD0D0D9CF7h 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C10BA second address: 4C10C6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBD0D1E3BD6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C10C6 second address: 4C10CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C9AE3 second address: 4C9AEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C8273 second address: 4C8277 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C88CA second address: 4C88D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C8B8D second address: 4C8BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f ja 00007FBD0D0D9CE6h 0x00000015 jmp 00007FBD0D0D9CF5h 0x0000001a popad 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C8E47 second address: 4C8E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C8E4B second address: 4C8E79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF6h 0x00000007 jmp 00007FBD0D0D9CF0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C8E79 second address: 4C8E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FBD0D1E3BD6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D126A second address: 4D129A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBD0D0D9CE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FBD0D0D9CEBh 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007FBD0D0D9CEDh 0x0000001b popad 0x0000001c pop esi 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D129A second address: 4D129E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D129E second address: 4D12AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CECh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D12AE second address: 4D12BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jbe 00007FBD0D1E3BD6h 0x0000000d pop ecx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1522 second address: 4D1526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1526 second address: 4D152A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D194B second address: 4D1951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1951 second address: 4D1955 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1AA8 second address: 4D1AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1AAC second address: 4D1AB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1AB4 second address: 4D1ADA instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBD0D0D9CEEh 0x00000008 jng 00007FBD0D0D9CE6h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FBD0D0D9CF2h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1ADA second address: 4D1B08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FBD0D1E3BE3h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D1B08 second address: 4D1B4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edi 0x00000006 pop edi 0x00000007 jmp 00007FBD0D0D9CF4h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FBD0D0D9CF3h 0x00000014 jmp 00007FBD0D0D9CF1h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D7DD9 second address: 4D7DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D7DDF second address: 4D7DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D7DE7 second address: 4D7DF3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBD0D1E3BD6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D8084 second address: 4D80C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF4h 0x00000007 jbe 00007FBD0D0D9CE8h 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jne 00007FBD0D0D9CE6h 0x00000019 jmp 00007FBD0D0D9CF6h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D80C4 second address: 4D80CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D80CD second address: 4D80DC instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D88E1 second address: 4D88EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D88EA second address: 4D88F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D915E second address: 4D917E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FBD0D1E3BE5h 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D917E second address: 4D918F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CECh 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4D98B4 second address: 4D98B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4DE708 second address: 4DE723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E2982 second address: 4E2993 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E2993 second address: 4E29F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007FBD0D0D9CF8h 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FBD0D0D9CECh 0x00000015 jmp 00007FBD0D0D9CF5h 0x0000001a pushad 0x0000001b jmp 00007FBD0D0D9CF7h 0x00000020 jp 00007FBD0D0D9CE6h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E2339 second address: 4E2351 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FBD0D1E3BD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007FBD0D1E3BD8h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E2351 second address: 4E2357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E2357 second address: 4E235B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E235B second address: 4E235F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E247B second address: 4E24B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jmp 00007FBD0D1E3BE7h 0x0000000c popad 0x0000000d jc 00007FBD0D1E3BE2h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 ja 00007FBD0D1E3BE2h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F0652 second address: 4F0658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 42A586 second address: 42A5A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 js 00007FBD0D1E3BD6h 0x0000000c jmp 00007FBD0D1E3BDFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 42A5A3 second address: 42A5A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 42A5A8 second address: 42A5AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 42A5AE second address: 42A5B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F0263 second address: 4F0267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F0267 second address: 4F026D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F5581 second address: 4F5598 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FBD0D1E3BDEh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4256A0 second address: 4256CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FBD0D0D9CEDh 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FBD0D0D9CF2h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4256CA second address: 4256E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE3h 0x00000009 jg 00007FBD0D1E3BD6h 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F5130 second address: 4F5134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F5134 second address: 4F5155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FBD0D1E3BE2h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F5155 second address: 4F515B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F515B second address: 4F5163 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4F5163 second address: 4F5167 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4FDB0B second address: 4FDB0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4FDB0F second address: 4FDB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5047D4 second address: 5047EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE0h 0x00000009 jne 00007FBD0D1E3BD6h 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5047EF second address: 5047F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50C0D7 second address: 50C0DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50C0DD second address: 50C0E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50C231 second address: 50C259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE7h 0x00000009 push esi 0x0000000a jmp 00007FBD0D1E3BDAh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50C3F0 second address: 50C3F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 510BA7 second address: 510BAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 510BAB second address: 510BAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 510BAF second address: 510BB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 510BB5 second address: 510BBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 510BBB second address: 510C04 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBD0D1E3BECh 0x00000008 push edx 0x00000009 jmp 00007FBD0D1E3BDBh 0x0000000e jmp 00007FBD0D1E3BE2h 0x00000013 pop edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007FBD0D1E3BD8h 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 510C04 second address: 510C0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 51AA59 second address: 51AA66 instructions: 0x00000000 rdtsc 0x00000002 je 00007FBD0D1E3BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 51AA66 second address: 51AA6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 51AA6B second address: 51AA9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE6h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FBD0D1E3BE3h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C59D second address: 52C5A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52DCCD second address: 52DCD7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBD0D1E3BD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52FC08 second address: 52FC29 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FBD0D0D9CE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FBD0D0D9CF5h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52FC29 second address: 52FC31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52FC31 second address: 52FC4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBD0D0D9CEBh 0x0000000f push edx 0x00000010 jnp 00007FBD0D0D9CE6h 0x00000016 pop edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52FC4E second address: 52FC53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52FC53 second address: 52FC6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CEBh 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 53147F second address: 5314A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FBD0D1E3BE8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5314A0 second address: 5314C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FBD0D0D9CF9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5314C2 second address: 5314DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a js 00007FBD0D1E3BFDh 0x00000010 js 00007FBD0D1E3BE2h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 531295 second address: 5312B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CF8h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54AAFD second address: 54AB11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE0h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54AB11 second address: 54AB15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54AB15 second address: 54AB1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54AB1B second address: 54AB21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54AB21 second address: 54AB28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54AB28 second address: 54AB71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D0D9CEFh 0x00000009 jp 00007FBD0D0D9CE6h 0x0000000f popad 0x00000010 jns 00007FBD0D0D9CFDh 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push edi 0x00000019 jmp 00007FBD0D0D9CECh 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549A1E second address: 549A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549A22 second address: 549A44 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jc 00007FBD0D0D9CE6h 0x00000011 jmp 00007FBD0D0D9CEDh 0x00000016 pop ebx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549A44 second address: 549A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549CEB second address: 549CEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549CEF second address: 549CF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549E36 second address: 549E3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549E3A second address: 549E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBD0D1E3BE7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c jo 00007FBD0D1E3BF4h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FBD0D1E3BE2h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 549E72 second address: 549E76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54A3F2 second address: 54A3F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54A3F6 second address: 54A3FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54A3FA second address: 54A404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54D71F second address: 54D725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54D725 second address: 54D729 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54D729 second address: 54D737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54D737 second address: 54D73E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54D73E second address: 54D7B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D0D9CF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dl, ch 0x0000000c push 00000004h 0x0000000e mov dx, di 0x00000011 mov dword ptr [ebp+122D394Fh], eax 0x00000017 call 00007FBD0D0D9CE9h 0x0000001c jnc 00007FBD0D0D9CF8h 0x00000022 push eax 0x00000023 jmp 00007FBD0D0D9CF4h 0x00000028 mov eax, dword ptr [esp+04h] 0x0000002c jmp 00007FBD0D0D9CEBh 0x00000031 mov eax, dword ptr [eax] 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54D7B5 second address: 54D7B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54DA66 second address: 54DA6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54DA6A second address: 54DA79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007FBD0D1E3BD6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54DA79 second address: 54DA8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FBD0D0D9CE8h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54DA8A second address: 54DA90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 54DA90 second address: 54DA94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 550537 second address: 550566 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBD0D1E3BE3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FBD0D1E3BE8h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 552440 second address: 552446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60C54 second address: 4E60C5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60C5A second address: 4E60C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60C5E second address: 4E60C62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60C62 second address: 4E60CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [eax+00000FDCh] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FBD0D0D9CF2h 0x00000015 sbb si, 1F18h 0x0000001a jmp 00007FBD0D0D9CEBh 0x0000001f popfd 0x00000020 mov ax, 56CFh 0x00000024 popad 0x00000025 test ecx, ecx 0x00000027 pushad 0x00000028 mov esi, 359B50C7h 0x0000002d pushad 0x0000002e mov di, si 0x00000031 pushfd 0x00000032 jmp 00007FBD0D0D9CF6h 0x00000037 and cl, FFFFFFA8h 0x0000003a jmp 00007FBD0D0D9CEBh 0x0000003f popfd 0x00000040 popad 0x00000041 popad 0x00000042 jns 00007FBD0D0D9D2Bh 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b pushad 0x0000004c popad 0x0000004d popad 0x0000004e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60CDA second address: 4E60CF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBD0D1E3BE8h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60CF6 second address: 4E60D0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FBD0D0D9CEAh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60D0C second address: 4E60D52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 2C416014h 0x00000008 mov eax, edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax+00000860h] 0x00000013 jmp 00007FBD0D1E3BDFh 0x00000018 test eax, eax 0x0000001a jmp 00007FBD0D1E3BE6h 0x0000001f je 00007FBD7DDF9BEFh 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60D52 second address: 4E60D56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4E60D56 second address: 4E60D5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 46567A second address: 465684 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBD0D0D9CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |