Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497527481.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=eng |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.1497664141.000000000093E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.000000000093E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://licendfilteo.site/api |
Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://licendfilteo.site:443/api |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.1486468820.0000000000987000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497588665.0000000000986000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510942649.0000000000973000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1511007662.0000000000987000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497543262.0000000000972000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/ |
Source: file.exe, 00000000.00000003.1497436211.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1511007662.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486574827.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/api |
Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com:443/api |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://spirittunek.store:443/api |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.1497664141.0000000000953000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510805596.0000000000953000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1510942649.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497543262.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486553065.000000000097C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000002.1510805596.0000000000935000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497664141.0000000000935000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.1486574827.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f |
Source: file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486529765.00000000009C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1486451063.00000000009D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1497436211.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1486468820.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1497631958.00000000009C4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.1486468820.000000000097E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 101013B second address: 1010140 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1010279 second address: 1010284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8F60F8A966h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1010284 second address: 10102A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8F60FAA5B6h 0x0000000a jmp 00007F8F60FAA5C8h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10102A6 second address: 10102B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10102B1 second address: 10102BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F8F60FAA5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10102BD second address: 10102CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10102CC second address: 10102D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10102D0 second address: 10102DC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F60F8A966h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10102DC second address: 10102E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1012B9B second address: 1012B9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1012B9F second address: 1012BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1012BA8 second address: 1012BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e pop ecx 0x0000000f nop 0x00000010 mov ecx, esi 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F8F60F8A968h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e call 00007F8F60F8A969h 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1012BE8 second address: 1012BF9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1012BF9 second address: 1012C02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1012CA1 second address: 1012D01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 add dword ptr [esp], 49BDA8A1h 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F8F60FAA5B8h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov esi, edi 0x0000002a lea ebx, dword ptr [ebp+12452A8Ch] 0x00000030 sub dword ptr [ebp+122D562Bh], edi 0x00000036 or dword ptr [ebp+122D1928h], edx 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F8F60FAA5C6h 0x00000044 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1012ED7 second address: 1012F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007F8F60F8A97Bh 0x00000010 nop 0x00000011 or dword ptr [ebp+122D1CC0h], esi 0x00000017 push eax 0x00000018 mov edi, dword ptr [ebp+122D389Eh] 0x0000001e pop ecx 0x0000001f push 00000000h 0x00000021 mov edi, esi 0x00000023 push 2D0EA356h 0x00000028 jmp 00007F8F60F8A96Eh 0x0000002d xor dword ptr [esp], 2D0EA3D6h 0x00000034 pushad 0x00000035 or edi, dword ptr [ebp+122D37A2h] 0x0000003b add ecx, 23D9C5CAh 0x00000041 popad 0x00000042 push 00000003h 0x00000044 mov ecx, dword ptr [ebp+122D38F6h] 0x0000004a push 00000000h 0x0000004c add dword ptr [ebp+122D562Bh], edi 0x00000052 push 00000003h 0x00000054 jmp 00007F8F60F8A96Dh 0x00000059 push 76B3B921h 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 jnl 00007F8F60F8A966h 0x00000067 push eax 0x00000068 pop eax 0x00000069 popad 0x0000006a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1030D69 second address: 1030D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1030D6E second address: 1030D9A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8F60F8A982h 0x00000008 ja 00007F8F60F8A966h 0x0000000e jmp 00007F8F60F8A976h 0x00000013 jc 00007F8F60F8A96Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1030EDD second address: 1030EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1030EE5 second address: 1030EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1030EED second address: 1030EFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60FAA5BBh 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1030EFF second address: 1030F05 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10312F6 second address: 10312FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10312FA second address: 1031302 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 103148E second address: 1031492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1031492 second address: 10314A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A96Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10315D9 second address: 10315E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8F60FAA5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10315E5 second address: 10315EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1031757 second address: 103175B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1031B7C second address: 1031B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1032772 second address: 103278C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F8F60FAA5BCh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1032B83 second address: 1032BA8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F8F60F8A978h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1032BA8 second address: 1032BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1038428 second address: 103843D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60F8A970h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FFCCCC second address: FFCCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FFCCD0 second address: FFCCD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FFCCD4 second address: FFCCDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 100399F second address: 10039A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1041B62 second address: 1041B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F8F60FAA5B8h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10419CF second address: 10419D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1043270 second address: 1043276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1043276 second address: 104327C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104327C second address: 104329F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60FAA5C6h 0x0000000c jng 00007F8F60FAA5B6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104329F second address: 10432B5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F8F60F8A966h 0x00000010 jl 00007F8F60F8A966h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104410D second address: 1044111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1044111 second address: 1044117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1044117 second address: 104411C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104411C second address: 1044122 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104415F second address: 1044165 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1044165 second address: 104417E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F8F60F8A966h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 je 00007F8F60F8A966h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104417E second address: 104419A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007F8F60FAA5B6h 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104419A second address: 10441A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8F60F8A966h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10441A4 second address: 10441A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10441A8 second address: 1044218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jnc 00007F8F60F8A970h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jnp 00007F8F60F8A982h 0x0000001a pop eax 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007F8F60F8A968h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 00000015h 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 movsx edi, si 0x00000038 mov esi, dword ptr [ebp+122D1D19h] 0x0000003e push 26BB20ECh 0x00000043 pushad 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10448A0 second address: 10448B7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8F60FAA5B8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F8F60FAA5B6h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10448B7 second address: 10448BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10448BB second address: 10448C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10448C1 second address: 10448CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60F8A96Ah 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10448CF second address: 10448D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1044F13 second address: 1044F17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10450AF second address: 10450B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10450B3 second address: 10450B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1045363 second address: 1045367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1045367 second address: 1045387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8F60F8A976h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1045443 second address: 1045471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F8F60FAA5B6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F8F60FAA5CDh 0x00000017 jmp 00007F8F60FAA5C7h 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1045471 second address: 1045477 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1045477 second address: 104547B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1045522 second address: 1045526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1045526 second address: 104552C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104552C second address: 1045573 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F60F8A968h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F8F60F8A968h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 push esi 0x0000002a jne 00007F8F60F8A968h 0x00000030 pop edi 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 pushad 0x00000038 popad 0x00000039 popad 0x0000003a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10462E2 second address: 10462E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1046C68 second address: 1046C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1046C6C second address: 1046C72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104800B second address: 104800F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1046C72 second address: 1046CAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnl 00007F8F60FAA5B6h 0x00000013 jmp 00007F8F60FAA5C7h 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1049475 second address: 1049494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A96Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d je 00007F8F60F8A966h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10487BE second address: 10487F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F8F60FAA5C2h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 push esi 0x00000018 pop esi 0x00000019 pop ecx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1049264 second address: 1049279 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1049FD6 second address: 1049FDB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104A7AA second address: 104A7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8F60F8A96Ch 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104DDBA second address: 104DDBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104DDBE second address: 104DDC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1050C6B second address: 1050C71 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104FCB9 second address: 104FCC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8F60F8A966h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1050C71 second address: 1050C88 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8F60FAA5B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007F8F60FAA5B6h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1050C88 second address: 1050C8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104FCC3 second address: 104FCC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1050E10 second address: 1050E15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1053D03 second address: 1053D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1053D07 second address: 1053D12 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1055B2A second address: 1055B34 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1055BE8 second address: 1055BED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1056BA4 second address: 1056BA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1056BA9 second address: 1056BB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1056BB0 second address: 1056C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F8F60FAA5B8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov ebx, edx 0x00000026 push 00000000h 0x00000028 sub bx, 9EDAh 0x0000002d push 00000000h 0x0000002f xchg eax, esi 0x00000030 pushad 0x00000031 jne 00007F8F60FAA5B8h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F8F60FAA5C8h 0x0000003e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1056C08 second address: 1056C0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1055D0D second address: 1055D87 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007F8F60FAA5B6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d xor ebx, 56BE8FF2h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov edi, 0EABA25Ah 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 add di, 16D4h 0x0000002b mov eax, dword ptr [ebp+122D15C5h] 0x00000031 or ebx, dword ptr [ebp+1244EF2Fh] 0x00000037 push FFFFFFFFh 0x00000039 push 00000000h 0x0000003b push edi 0x0000003c call 00007F8F60FAA5B8h 0x00000041 pop edi 0x00000042 mov dword ptr [esp+04h], edi 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc edi 0x0000004f push edi 0x00000050 ret 0x00000051 pop edi 0x00000052 ret 0x00000053 xor di, A7DAh 0x00000058 push eax 0x00000059 pushad 0x0000005a jmp 00007F8F60FAA5C8h 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 105BD0B second address: 105BD1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60F8A970h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1059F28 second address: 1059F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C0h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 105BD1F second address: 105BD2A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1059F3D second address: 1059FE2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60FAA5BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F8F60FAA5C1h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F8F60FAA5B8h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 0000001Ch 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b jmp 00007F8F60FAA5C3h 0x00000030 push dword ptr fs:[00000000h] 0x00000037 or dword ptr [ebp+1244DF97h], eax 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 mov di, 8100h 0x00000048 mov eax, dword ptr [ebp+122D1639h] 0x0000004e movsx edi, cx 0x00000051 push FFFFFFFFh 0x00000053 push 00000000h 0x00000055 push edx 0x00000056 call 00007F8F60FAA5B8h 0x0000005b pop edx 0x0000005c mov dword ptr [esp+04h], edx 0x00000060 add dword ptr [esp+04h], 00000014h 0x00000068 inc edx 0x00000069 push edx 0x0000006a ret 0x0000006b pop edx 0x0000006c ret 0x0000006d mov ebx, 0812D87Bh 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 push edx 0x00000076 pushad 0x00000077 popad 0x00000078 pop edx 0x00000079 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 100883E second address: 1008842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1008842 second address: 1008848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 105D3D5 second address: 105D3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8F60F8A966h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 105C3C4 second address: 105C3CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 105E424 second address: 105E48C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D3922h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F8F60F8A968h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d and bx, 0800h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007F8F60F8A968h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 00000016h 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e mov ebx, ecx 0x00000050 push eax 0x00000051 pushad 0x00000052 jp 00007F8F60F8A968h 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1006E12 second address: 1006E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1063CE2 second address: 1063CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1063CE6 second address: 1063CF2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1063CF2 second address: 1063CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1067D2C second address: 1067D36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1067D36 second address: 1067D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A96Bh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1067D45 second address: 1067D64 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jno 00007F8F60FAA5B6h 0x00000011 jnc 00007F8F60FAA5B6h 0x00000017 pop esi 0x00000018 popad 0x00000019 pushad 0x0000001a push esi 0x0000001b push esi 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10674B0 second address: 10674B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10674B5 second address: 10674C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10674C0 second address: 10674C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10674C4 second address: 10674C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10675EC second address: 10675F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10675F0 second address: 1067640 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F8F60FAA5BFh 0x00000012 popad 0x00000013 jnl 00007F8F60FAA5BEh 0x00000019 pushad 0x0000001a push edi 0x0000001b pop edi 0x0000001c jmp 00007F8F60FAA5C7h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1067640 second address: 106764D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F8F60F8A966h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 106764D second address: 1067651 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 106CB62 second address: 106CB84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F8F60F8A96Eh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 jp 00007F8F60F8A966h 0x00000018 pop eax 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071A23 second address: 1071A4B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F60FAA5B6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 jmp 00007F8F60FAA5C8h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071A4B second address: 1071A4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071A4F second address: 1071AA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F8F60FAA5C4h 0x00000015 pushad 0x00000016 popad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a jnp 00007F8F60FAA5CBh 0x00000020 jmp 00007F8F60FAA5C5h 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071AA2 second address: 1071AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071AA8 second address: 1071AAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071BF3 second address: 1071BFD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60F8A96Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071D84 second address: 1071D90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F8F60FAA5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071D90 second address: 1071D94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071ED6 second address: 1071F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F8F60FAA5BEh 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e js 00007F8F60FAA5BCh 0x00000014 jp 00007F8F60FAA5B6h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F8F60FAA5C7h 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071F14 second address: 1071F23 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1071F23 second address: 1071F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F8F60FAA5BDh 0x0000000d jno 00007F8F60FAA5B6h 0x00000013 push edx 0x00000014 pop edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1072217 second address: 1072222 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10723D9 second address: 10723DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10723DF second address: 10723E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1072541 second address: 1072547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1072547 second address: 1072574 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8F60F8A975h 0x0000000d push edi 0x0000000e jmp 00007F8F60F8A96Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1077989 second address: 1077995 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F8F60FAA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1077995 second address: 107799B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107799B second address: 10779A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 100A3E4 second address: 100A3EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 100A3EC second address: 100A3F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10766F7 second address: 10766FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10766FF second address: 1076719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BDh 0x00000009 js 00007F8F60FAA5B6h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1076887 second address: 107688B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1076C7F second address: 1076C85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1076C85 second address: 1076C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8F60F8A966h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1076C93 second address: 1076C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10770D2 second address: 1077111 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F8F60F8A966h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 je 00007F8F60F8A96Eh 0x00000017 je 00007F8F60F8A972h 0x0000001d push eax 0x0000001e push edx 0x0000001f jp 00007F8F60F8A966h 0x00000025 jns 00007F8F60F8A966h 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107725E second address: 107726A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007F8F60FAA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1077693 second address: 1077699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1077699 second address: 10776B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C8h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10776B5 second address: 10776EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F8F60F8A966h 0x00000009 jmp 00007F8F60F8A974h 0x0000000e jmp 00007F8F60F8A96Dh 0x00000013 je 00007F8F60F8A966h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10776EC second address: 10776FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8F60FAA5B6h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10776FA second address: 1077702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF7D66 second address: FF7D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF7D6C second address: FF7D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF7D72 second address: FF7D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF7D77 second address: FF7D92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60F8A975h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF7D92 second address: FF7D9B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF7D9B second address: FF7DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104BB48 second address: 104BB5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60FAA5BEh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104BB5A second address: 102A511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jnl 00007F8F60F8A970h 0x00000011 add dword ptr [ebp+1247D3F0h], edx 0x00000017 lea eax, dword ptr [ebp+1248B8FCh] 0x0000001d add dword ptr [ebp+122D17F0h], edx 0x00000023 push eax 0x00000024 jmp 00007F8F60F8A977h 0x00000029 mov dword ptr [esp], eax 0x0000002c mov di, 4D07h 0x00000030 call dword ptr [ebp+122D34F9h] 0x00000036 pushad 0x00000037 pushad 0x00000038 jmp 00007F8F60F8A974h 0x0000003d push esi 0x0000003e pop esi 0x0000003f js 00007F8F60F8A966h 0x00000045 push ecx 0x00000046 pop ecx 0x00000047 popad 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C045 second address: E93A50 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ecx, dword ptr [ebp+122D37CEh] 0x00000014 push dword ptr [ebp+122D02F1h] 0x0000001a mov dh, 4Ch 0x0000001c call dword ptr [ebp+122D1A68h] 0x00000022 pushad 0x00000023 mov dword ptr [ebp+122D2D00h], eax 0x00000029 xor eax, eax 0x0000002b mov dword ptr [ebp+122D2D00h], edi 0x00000031 mov edx, dword ptr [esp+28h] 0x00000035 je 00007F8F60FAA5BCh 0x0000003b mov dword ptr [ebp+122D25CCh], ebx 0x00000041 mov dword ptr [ebp+122D3762h], eax 0x00000047 jmp 00007F8F60FAA5C2h 0x0000004c mov esi, 0000003Ch 0x00000051 pushad 0x00000052 push edi 0x00000053 jnl 00007F8F60FAA5B6h 0x00000059 pop edx 0x0000005a mov edx, dword ptr [ebp+122D392Eh] 0x00000060 popad 0x00000061 add esi, dword ptr [esp+24h] 0x00000065 pushad 0x00000066 mov dl, ch 0x00000068 mov ecx, 22CD75BDh 0x0000006d popad 0x0000006e lodsw 0x00000070 js 00007F8F60FAA5C4h 0x00000076 pushad 0x00000077 jno 00007F8F60FAA5B6h 0x0000007d xor dword ptr [ebp+122D2D00h], ebx 0x00000083 popad 0x00000084 add eax, dword ptr [esp+24h] 0x00000088 jmp 00007F8F60FAA5C3h 0x0000008d or dword ptr [ebp+122D1B1Dh], edx 0x00000093 mov ebx, dword ptr [esp+24h] 0x00000097 clc 0x00000098 sub dword ptr [ebp+122D1B1Dh], ebx 0x0000009e push eax 0x0000009f push eax 0x000000a0 push edx 0x000000a1 jmp 00007F8F60FAA5BBh 0x000000a6 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C208 second address: 104C211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C50C second address: 104C510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C655 second address: 104C664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C664 second address: 104C674 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104CA63 second address: 104CA75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104CA75 second address: 104CA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104CA7A second address: 104CA84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8F60F8A966h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104CA84 second address: 104CA88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104CD84 second address: 104CD89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 102B050 second address: 102B0AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C9h 0x00000007 jmp 00007F8F60FAA5C4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jbe 00007F8F60FAA5CAh 0x00000014 jmp 00007F8F60FAA5C2h 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jno 00007F8F60FAA5B6h 0x00000025 push edx 0x00000026 pop edx 0x00000027 pushad 0x00000028 popad 0x00000029 popad 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 102B0AA second address: 102B0AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107AEC8 second address: 107AEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BFh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107AEDB second address: 107AEDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107AEDF second address: 107AEE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107B062 second address: 107B066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107B455 second address: 107B45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 107B45B second address: 107B460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085977 second address: 108597F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108597F second address: 10859AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A96Ch 0x00000009 jmp 00007F8F60F8A976h 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10859AD second address: 10859D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8F60FAA5BBh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085B38 second address: 1085B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085B3E second address: 1085B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F8F60FAA5B6h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085B4B second address: 1085B60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8F60F8A96Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085B60 second address: 1085B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jng 00007F8F60FAA5B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085B6E second address: 1085B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085D08 second address: 1085D0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1085FBC second address: 1085FC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8F60F8A966h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108611D second address: 1086141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jng 00007F8F60FAA5CDh 0x0000000d jne 00007F8F60FAA5B6h 0x00000013 jmp 00007F8F60FAA5C1h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10862D7 second address: 10862DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10862DD second address: 10862E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10862E1 second address: 10862E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10862E5 second address: 1086305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d js 00007F8F60FAA5CEh 0x00000013 push eax 0x00000014 push edx 0x00000015 jnc 00007F8F60FAA5B6h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086305 second address: 1086309 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086309 second address: 108630F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086854 second address: 108685A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108685A second address: 1086879 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F60FAA5B6h 0x00000008 jmp 00007F8F60FAA5C1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086879 second address: 108687D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10869DC second address: 1086A03 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8F60FAA5CEh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F8F60FAA5C6h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086A03 second address: 1086A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086E17 second address: 1086E31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8F60FAA5C4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086E31 second address: 1086E57 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jp 00007F8F60F8A966h 0x00000009 jns 00007F8F60F8A966h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8F60F8A974h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086E57 second address: 1086E5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1086E5B second address: 1086E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F8F60F8A982h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108A605 second address: 108A62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5C8h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F8F60FAA5B6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108A62C second address: 108A63A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A96Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108A63A second address: 108A64B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60FAA5BBh 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108CBE7 second address: 108CBEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108CE81 second address: 108CE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108CE85 second address: 108CE92 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 108F26F second address: 108F283 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BEh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109437B second address: 109437F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109437F second address: 1094383 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10947DE second address: 10947E8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8F60F8A96Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C849 second address: 104C8E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jo 00007F8F60FAA5BCh 0x00000012 mov ecx, dword ptr [ebp+122D19CDh] 0x00000018 mov ebx, dword ptr [ebp+1248B93Bh] 0x0000001e push 00000000h 0x00000020 push ebx 0x00000021 call 00007F8F60FAA5B8h 0x00000026 pop ebx 0x00000027 mov dword ptr [esp+04h], ebx 0x0000002b add dword ptr [esp+04h], 00000018h 0x00000033 inc ebx 0x00000034 push ebx 0x00000035 ret 0x00000036 pop ebx 0x00000037 ret 0x00000038 mov dword ptr [ebp+1244DF97h], eax 0x0000003e add eax, ebx 0x00000040 mov dword ptr [ebp+124823EEh], edi 0x00000046 mov edx, dword ptr [ebp+122D370Eh] 0x0000004c push eax 0x0000004d jmp 00007F8F60FAA5C9h 0x00000052 mov dword ptr [esp], eax 0x00000055 jmp 00007F8F60FAA5BCh 0x0000005a mov ecx, dword ptr [ebp+122D38CAh] 0x00000060 push 00000004h 0x00000062 push eax 0x00000063 pushad 0x00000064 je 00007F8F60FAA5BCh 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C8E8 second address: 104C8F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 104C8F0 second address: 104C8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1094A5B second address: 1094A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10982F5 second address: 10982FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1097AA2 second address: 1097AA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1098080 second address: 1098086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109BE35 second address: 109BE4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60F8A970h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109BE4A second address: 109BE50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109BE50 second address: 109BE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60F8A977h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109BE70 second address: 109BE74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109BE74 second address: 109BEBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A978h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jnp 00007F8F60F8A972h 0x00000014 ja 00007F8F60F8A966h 0x0000001a jc 00007F8F60F8A966h 0x00000020 jmp 00007F8F60F8A96Dh 0x00000025 push ecx 0x00000026 push edx 0x00000027 pop edx 0x00000028 pop ecx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109BEBC second address: 109BEC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FFB2F4 second address: FFB301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109B187 second address: 109B18F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109B18F second address: 109B199 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109B199 second address: 109B19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109B315 second address: 109B348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 js 00007F8F60F8A96Eh 0x0000000b push edx 0x0000000c pop edx 0x0000000d jns 00007F8F60F8A966h 0x00000013 push eax 0x00000014 push edx 0x00000015 ja 00007F8F60F8A966h 0x0000001b jmp 00007F8F60F8A978h 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109B492 second address: 109B496 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 109B5C1 second address: 109B5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F8F60F8A966h 0x0000000d jmp 00007F8F60F8A96Ah 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A4488 second address: 10A44A0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8F60FAA5B6h 0x00000008 jo 00007F8F60FAA5B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 jg 00007F8F60FAA5B6h 0x00000017 pop edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF6214 second address: FF6266 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8F60F8A96Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c jmp 00007F8F60F8A975h 0x00000011 pop ebx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F8F60F8A96Ch 0x0000001a popad 0x0000001b push ebx 0x0000001c jno 00007F8F60F8A966h 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 pop ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 jng 00007F8F60F8A966h 0x0000002d jnc 00007F8F60F8A966h 0x00000033 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF6266 second address: FF626A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A2587 second address: 10A25BF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8F60F8A977h 0x00000008 pop ecx 0x00000009 jmp 00007F8F60F8A977h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A30FE second address: 10A3103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A3103 second address: 10A312B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8F60F8A966h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 js 00007F8F60F8A966h 0x00000018 jns 00007F8F60F8A966h 0x0000001e popad 0x0000001f pushad 0x00000020 ja 00007F8F60F8A966h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A312B second address: 10A313E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BDh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A313E second address: 10A3143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A3143 second address: 10A3156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8F60FAA5BFh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A3C1B second address: 10A3C37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A978h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A4170 second address: 10A4178 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A4178 second address: 10A418B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 je 00007F8F60F8A966h 0x00000009 jnl 00007F8F60F8A966h 0x0000000f pop esi 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A418B second address: 10A4191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A9EBA second address: 10A9ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop esi 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F8F60F8A96Ah 0x00000016 pop esi 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10A9ED6 second address: 10A9EE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007F8F60FAA5B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ADAD9 second address: 10ADADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ADADD second address: 10ADAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ADAF2 second address: 10ADB10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A970h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F60F8A96Ah 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ACE52 second address: 10ACE8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F8F60FAA5C9h 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ACE8B second address: 10ACE99 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 je 00007F8F60F8A966h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ACE99 second address: 10ACE9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ACFDB second address: 10ACFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10ACFE0 second address: 10AD00A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F8F60FAA5C2h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10AD1E8 second address: 10AD202 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8F60F8A966h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F8F60F8A96Eh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10AD369 second address: 10AD36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10AD36D second address: 10AD38C instructions: 0x00000000 rdtsc 0x00000002 js 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8F60F8A972h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10AD4F3 second address: 10AD4F9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10B6D72 second address: 10B6D76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10BD5D3 second address: 10BD5D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10BD5D7 second address: 10BD5E1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10C80F5 second address: 10C80F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10CBAFF second address: 10CBB1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8F60F8A966h 0x0000000a jmp 00007F8F60F8A96Ch 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F8F60F8A966h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10CBB1E second address: 10CBB24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10CBB24 second address: 10CBB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10CBB39 second address: 10CBB45 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 je 00007F8F60FAA5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF9856 second address: FF9873 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F60F8A974h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF9873 second address: FF9879 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF9879 second address: FF987D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: FF987D second address: FF9881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10CB9A4 second address: 10CB9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A96Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e jnp 00007F8F60F8A966h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10DF13D second address: 10DF147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8F60FAA5B6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10DF147 second address: 10DF156 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jp 00007F8F60F8A966h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10DF156 second address: 10DF165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10DF165 second address: 10DF169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10E914D second address: 10E9151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10E9151 second address: 10E9155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10E7D1E second address: 10E7D22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10E7E82 second address: 10E7E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F8F60F8A966h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10E7E91 second address: 10E7E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10E8130 second address: 10E8141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8F60F8A96Ch 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10E8141 second address: 10E8165 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C8h 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F8F60FAA5B6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF684 second address: 10EF688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF688 second address: 10EF68C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF68C second address: 10EF698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF698 second address: 10EF6A2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8F60FAA5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF24D second address: 10EF258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8F60F8A966h 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF258 second address: 10EF25D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF25D second address: 10EF279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8F60F8A966h 0x0000000a pop esi 0x0000000b pushad 0x0000000c jnp 00007F8F60F8A966h 0x00000012 jbe 00007F8F60F8A966h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF39C second address: 10EF3B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60FAA5BCh 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF3B2 second address: 10EF3E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A978h 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8F60F8A970h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10EF3E2 second address: 10EF3EF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8F60FAA5B8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10F0CBD second address: 10F0CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10FB6B4 second address: 10FB6BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10FB6BA second address: 10FB6D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8F60F8A96Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F8F60F8A966h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 10FB6D9 second address: 10FB6E2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1102AA5 second address: 1102AAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 110F680 second address: 110F684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 110F684 second address: 110F68A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 110F68A second address: 110F692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 110F692 second address: 110F69F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 110F7D8 second address: 110F7DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1128366 second address: 112837D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8F60F8A973h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11271BA second address: 11271DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8F60FAA5C3h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11271DA second address: 11271E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127370 second address: 1127376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127376 second address: 1127390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8F60F8A96Bh 0x0000000e jnc 00007F8F60F8A966h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127390 second address: 11273A4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8F60FAA5B6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F8F60FAA5BCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11277B0 second address: 11277C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8F60F8A96Ah 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127A89 second address: 1127AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F8F60FAA5C2h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jnp 00007F8F60FAA5B6h 0x00000012 popad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8F60FAA5C8h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127AC4 second address: 1127AC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127D4A second address: 1127D5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127D5C second address: 1127D79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60F8A978h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127EC5 second address: 1127F04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 jnp 00007F8F60FAA5B8h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 push esi 0x00000015 pop esi 0x00000016 push edx 0x00000017 pop edx 0x00000018 jmp 00007F8F60FAA5BBh 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F8F60FAA5C4h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127F04 second address: 1127F08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1127F08 second address: 1127F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112805A second address: 112806B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112806B second address: 112806F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112806F second address: 1128079 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8F60F8A966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1128079 second address: 112808C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8F60FAA5BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1129A6D second address: 1129A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F8F60F8A966h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1129A7C second address: 1129A80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112C565 second address: 112C5A8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b xor dword ptr [ebp+122D1847h], eax 0x00000011 push 00000004h 0x00000013 jmp 00007F8F60F8A96Dh 0x00000018 stc 0x00000019 call 00007F8F60F8A969h 0x0000001e push eax 0x0000001f push edx 0x00000020 jne 00007F8F60F8A977h 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112C5A8 second address: 112C608 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8F60FAA5C0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F8F60FAA5C7h 0x00000014 jng 00007F8F60FAA5C7h 0x0000001a jmp 00007F8F60FAA5C1h 0x0000001f popad 0x00000020 mov eax, dword ptr [esp+04h] 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F8F60FAA5C1h 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112C608 second address: 112C63D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A974h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8F60F8A978h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112C807 second address: 112C80C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112C80C second address: 112C8F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A972h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F8F60F8A976h 0x00000010 jnc 00007F8F60F8A968h 0x00000016 popad 0x00000017 nop 0x00000018 call 00007F8F60F8A977h 0x0000001d add dh, 00000073h 0x00000020 pop edx 0x00000021 push dword ptr [ebp+122D2089h] 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007F8F60F8A968h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 0000001Bh 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 sub dword ptr [ebp+122D1A14h], ebx 0x00000047 call 00007F8F60F8A969h 0x0000004c jnc 00007F8F60F8A97Fh 0x00000052 push eax 0x00000053 jmp 00007F8F60F8A975h 0x00000058 mov eax, dword ptr [esp+04h] 0x0000005c jg 00007F8F60F8A973h 0x00000062 mov eax, dword ptr [eax] 0x00000064 je 00007F8F60F8A974h 0x0000006a push eax 0x0000006b push edx 0x0000006c jp 00007F8F60F8A966h 0x00000072 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 112C8F3 second address: 112C914 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b push edi 0x0000000c jmp 00007F8F60FAA5C0h 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30B4F second address: 4C30B79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60F8A971h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8F60F8A96Dh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30B79 second address: 4C30B7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30B7E second address: 4C30C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c mov ecx, ebx 0x0000000e jmp 00007F8F60F8A96Bh 0x00000013 popad 0x00000014 jns 00007F8F60F8A9D9h 0x0000001a jmp 00007F8F60F8A976h 0x0000001f add eax, ecx 0x00000021 pushad 0x00000022 call 00007F8F60F8A96Eh 0x00000027 pushfd 0x00000028 jmp 00007F8F60F8A972h 0x0000002d and cx, ED08h 0x00000032 jmp 00007F8F60F8A96Bh 0x00000037 popfd 0x00000038 pop eax 0x00000039 pushfd 0x0000003a jmp 00007F8F60F8A979h 0x0000003f jmp 00007F8F60F8A96Bh 0x00000044 popfd 0x00000045 popad 0x00000046 mov eax, dword ptr [eax+00000860h] 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F8F60F8A975h 0x00000053 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30C2E second address: 4C30C4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30C4B second address: 4C30C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30C4F second address: 4C30C62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8F60FAA5BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30C62 second address: 4C30C68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30C68 second address: 4C30C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4C30C6C second address: 4C30C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F8FD2F60A51h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8F60F8A96Ah 0x00000015 rdtsc |