Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E2D110 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E2D110 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh | 0_2_00E663B8 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E65700 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh | 0_2_00E699D0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h | 0_2_00E6695B |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 0_2_00E2FCA0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 0_2_00E30EEC |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp ecx | 0_2_00E66094 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h | 0_2_00E64040 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+20h] | 0_2_00E36F91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then dec ebx | 0_2_00E5F030 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ecx, dword ptr [edx] | 0_2_00E21000 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 0_2_00E4D1E1 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 0_2_00E342FC |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], dx | 0_2_00E42260 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [esi], ax | 0_2_00E42260 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00E523E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00E523E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00E523E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_00E523E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00E523E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+14h] | 0_2_00E523E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ebp, eax | 0_2_00E2A300 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh | 0_2_00E664B8 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 0_2_00E4C470 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 0_2_00E61440 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_00E3D457 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E4E40C |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 0_2_00E3B410 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] | 0_2_00E28590 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh | 0_2_00E67520 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 0_2_00E36536 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_00E49510 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E4E66A |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_00E5B650 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 0_2_00E667EF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E4D7AF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, word ptr [edi+eax] | 0_2_00E67710 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], dx | 0_2_00E428E9 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 0_2_00E249A0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h | 0_2_00E3D961 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h | 0_2_00E63920 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E31ACD |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h | 0_2_00E64A40 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esi+ebx] | 0_2_00E25A50 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E31A3C |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 0_2_00E33BE2 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+40h] | 0_2_00E31BEE |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_00E50B80 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh | 0_2_00E69B60 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] | 0_2_00E3DB6F |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h | 0_2_00E3DB6F |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E69CE0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh | 0_2_00E69CE0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h | 0_2_00E4CCD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E4CCD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h | 0_2_00E4CCD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E4AC91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [edx], ax | 0_2_00E4AC91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 0_2_00E4EC48 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh | 0_2_00E5FC20 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 0_2_00E47C00 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E68D8A |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E4DD29 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh | 0_2_00E4FD10 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 0_2_00E26EA0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, word ptr [ebp+00h] | 0_2_00E2BEB0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp byte ptr [ebx], 00000000h | 0_2_00E36EBF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+40h] | 0_2_00E31E93 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_00E47E60 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E45E70 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, word ptr [ecx] | 0_2_00E4AE57 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edi, ecx | 0_2_00E34E2A |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h | 0_2_00E67FC0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E67FC0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp ecx | 0_2_00E65FD6 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp ecx | 0_2_00E28FD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [edx], 0000h | 0_2_00E3FFDF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+20h] | 0_2_00E36F91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E49F62 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E5FF70 |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.2198358610.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://clearancek.site:443/api |
Source: file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: file.exe, 00000000.00000002.2199692531.00000000013CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.00000000013C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hf |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aU |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com |
Source: file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/Microsoft |
Source: file.exe, 00000000.00000002.2199692531.00000000013E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.00000000013E1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/P |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.2198563646.00000000013FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.00000000013EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199777018.00000000013FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199692531.00000000013E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.00000000013E1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.2198358610.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.2198358610.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.2198358610.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199587824.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.2198358610.00000000013C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.000000000145A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198300913.0000000001454000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000002.2199777018.0000000001412000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198358610.0000000001438000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2199835637.0000000001438000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFE0FA second address: FFE0FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD10E second address: FFD12C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jmp 00007FCE98C42BDBh 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007FCE98C42BD6h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD12C second address: FFD132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD278 second address: FFD27E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD27E second address: FFD2CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCE98BEC844h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnl 00007FCE98BEC83Eh 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 popad 0x00000016 jc 00007FCE98BEC86Bh 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FCE98BEC843h 0x00000023 jg 00007FCE98BEC836h 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD2CC second address: FFD2D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD2D6 second address: FFD2DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD6C9 second address: FFD6DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FCE98C42BD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 js 00007FCE98C42BD6h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FFD6DF second address: FFD6E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 100161F second address: 1001623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1001623 second address: 100168D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jbe 00007FCE98BEC842h 0x0000000d ja 00007FCE98BEC83Ch 0x00000013 nop 0x00000014 push 00000000h 0x00000016 jmp 00007FCE98BEC849h 0x0000001b call 00007FCE98BEC839h 0x00000020 pushad 0x00000021 jnp 00007FCE98BEC83Ch 0x00000027 jns 00007FCE98BEC836h 0x0000002d jo 00007FCE98BEC838h 0x00000033 pushad 0x00000034 popad 0x00000035 popad 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007FCE98BEC842h 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 100168D second address: 10016B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007FCE98C42BD6h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10016B1 second address: 10016D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC846h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push edi 0x00000012 pop edi 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10016D8 second address: 10016DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10016DE second address: 10016E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10016E2 second address: 10016F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d je 00007FCE98C42BD6h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10016F8 second address: 1001730 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC847h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 jmp 00007FCE98BEC845h 0x00000015 pop esi 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1001730 second address: 10017D5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCE98C42BDCh 0x00000008 jl 00007FCE98C42BD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop eax 0x00000011 push edi 0x00000012 jmp 00007FCE98C42BDAh 0x00000017 pop edx 0x00000018 push 00000003h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007FCE98C42BD8h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 jmp 00007FCE98C42BE1h 0x00000039 sbb edx, 66504902h 0x0000003f push 00000000h 0x00000041 jmp 00007FCE98C42BE3h 0x00000046 push 00000003h 0x00000048 mov edi, eax 0x0000004a call 00007FCE98C42BD9h 0x0000004f push eax 0x00000050 jmp 00007FCE98C42BDCh 0x00000055 pop eax 0x00000056 push eax 0x00000057 jnc 00007FCE98C42BF6h 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007FCE98C42BE8h 0x00000064 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10017D5 second address: 1001848 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push esi 0x0000000b push ebx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop ebx 0x0000000f pop esi 0x00000010 mov eax, dword ptr [eax] 0x00000012 jne 00007FCE98BEC840h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c js 00007FCE98BEC84Fh 0x00000022 pop eax 0x00000023 mov esi, dword ptr [ebp+122D1BB3h] 0x00000029 lea ebx, dword ptr [ebp+124513C0h] 0x0000002f pushad 0x00000030 stc 0x00000031 xor dword ptr [ebp+122D1B3Ch], eax 0x00000037 popad 0x00000038 mov dword ptr [ebp+122D1AE1h], edi 0x0000003e xchg eax, ebx 0x0000003f pushad 0x00000040 push ebx 0x00000041 push esi 0x00000042 pop esi 0x00000043 pop ebx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007FCE98BEC83Ah 0x0000004b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FED32B second address: FED32F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F1EA second address: 101F1F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F1F0 second address: 101F1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F34F second address: 101F357 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F357 second address: 101F363 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FCE98C42BD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F363 second address: 101F367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F367 second address: 101F37A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCE98C42BD6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F606 second address: 101F616 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F616 second address: 101F620 instructions: 0x00000000 rdtsc 0x00000002 je 00007FCE98C42BE2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F620 second address: 101F626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F626 second address: 101F62F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F62F second address: 101F641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jl 00007FCE98BEC83Eh 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F641 second address: 101F661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jl 00007FCE98C42BD6h 0x0000000c jmp 00007FCE98C42BE4h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101F661 second address: 101F689 instructions: 0x00000000 rdtsc 0x00000002 je 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007FCE98BEC843h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101FC6E second address: 101FC89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FCE98C42BE1h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101FC89 second address: 101FCA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC848h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 101FCA5 second address: 101FCC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCE98C42BE4h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FF5771 second address: FF5793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCE98BEC842h 0x00000009 jmp 00007FCE98BEC83Ch 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1020564 second address: 1020569 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1020CC9 second address: 1020CD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1020CD1 second address: 1020CD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1020CD5 second address: 1020CEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FCE98BEC83Ah 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1020CEB second address: 1020CEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1020CEF second address: 1020CFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1021263 second address: 1021267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1021267 second address: 1021270 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102661C second address: 1026622 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1026856 second address: 102685A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102685A second address: 1026865 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FEB90D second address: FEB927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007FCE98BEC83Ah 0x0000000a pop edx 0x0000000b jc 00007FCE98BEC852h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FEB927 second address: FEB935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BDAh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FEB935 second address: FEB939 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102CE0D second address: 102CE15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102C675 second address: 102C67F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102CC93 second address: 102CCD2 instructions: 0x00000000 rdtsc 0x00000002 js 00007FCE98C42BEEh 0x00000008 jmp 00007FCE98C42BE8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 pushad 0x00000015 jmp 00007FCE98C42BDFh 0x0000001a jo 00007FCE98C42BD6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E1FD second address: 102E202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E202 second address: 102E218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCE98C42BE2h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E3CD second address: 102E3D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E3D1 second address: 102E3D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E3D7 second address: 102E3FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC847h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007FCE98BEC838h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E5CC second address: 102E5D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E5D2 second address: 102E5D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E5D8 second address: 102E5DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E5DC second address: 102E5E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E78E second address: 102E792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102E9B3 second address: 102E9C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 jnc 00007FCE98BEC83Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102F2D4 second address: 102F2D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102F3D0 second address: 102F3D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102F47D second address: 102F486 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102FAB8 second address: 102FACF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 js 00007FCE98BEC836h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007FCE98BEC838h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 102FACF second address: 102FB51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FCE98C42BE8h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e pushad 0x0000000f jmp 00007FCE98C42BE8h 0x00000014 popad 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007FCE98C42BD8h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007FCE98C42BD8h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 00000015h 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d clc 0x0000004e xchg eax, ebx 0x0000004f push eax 0x00000050 push edx 0x00000051 push edi 0x00000052 push ecx 0x00000053 pop ecx 0x00000054 pop edi 0x00000055 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10304BE second address: 10304D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCE98BEC83Fh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1032164 second address: 10321B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jc 00007FCE98C42BD6h 0x0000000b js 00007FCE98C42BD6h 0x00000011 popad 0x00000012 popad 0x00000013 nop 0x00000014 push 00000000h 0x00000016 or dword ptr [ebp+1245A0C5h], edi 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ecx 0x00000021 call 00007FCE98C42BD8h 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], ecx 0x0000002b add dword ptr [esp+04h], 00000016h 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 ret 0x00000036 pop ecx 0x00000037 ret 0x00000038 mov edi, ebx 0x0000003a xchg eax, ebx 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FCE98C42BE1h 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1031E8E second address: 1031E9A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10338C4 second address: 10338CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1037951 second address: 1037960 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCE98BEC83Bh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1037960 second address: 1037964 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1037964 second address: 1037972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1037EC4 second address: 1037EE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FCE98C42BD6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007FCE98C42BDCh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1037F78 second address: 1037F82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FCE98BEC836h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1038F11 second address: 1038F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jns 00007FCE98C42BD6h 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f jbe 00007FCE98C42BEEh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FCE98C42BDCh 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1038F34 second address: 1038F38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103A001 second address: 103A006 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1039128 second address: 1039138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 jbe 00007FCE98BEC83Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103AF9D second address: 103AFA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103AFA1 second address: 103AFA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103B18A second address: 103B194 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCE98C42BDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103C2A8 second address: 103C381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC844h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FCE98BEC848h 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007FCE98BEC843h 0x00000015 nop 0x00000016 mov edi, dword ptr [ebp+1245A14Bh] 0x0000001c push dword ptr fs:[00000000h] 0x00000023 call 00007FCE98BEC841h 0x00000028 add edi, 6436D91Ch 0x0000002e pop edi 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 push 00000000h 0x00000038 push eax 0x00000039 call 00007FCE98BEC838h 0x0000003e pop eax 0x0000003f mov dword ptr [esp+04h], eax 0x00000043 add dword ptr [esp+04h], 0000001Ch 0x0000004b inc eax 0x0000004c push eax 0x0000004d ret 0x0000004e pop eax 0x0000004f ret 0x00000050 mov edi, 4EBB2A62h 0x00000055 mov ebx, dword ptr [ebp+122D3028h] 0x0000005b mov eax, dword ptr [ebp+122D1111h] 0x00000061 push 00000000h 0x00000063 push edx 0x00000064 call 00007FCE98BEC838h 0x00000069 pop edx 0x0000006a mov dword ptr [esp+04h], edx 0x0000006e add dword ptr [esp+04h], 0000001Bh 0x00000076 inc edx 0x00000077 push edx 0x00000078 ret 0x00000079 pop edx 0x0000007a ret 0x0000007b push FFFFFFFFh 0x0000007d sbb ebx, 40AA0806h 0x00000083 push eax 0x00000084 push eax 0x00000085 pushad 0x00000086 pushad 0x00000087 popad 0x00000088 push eax 0x00000089 push edx 0x0000008a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103B194 second address: 103B262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007FCE98C42BD8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 jmp 00007FCE98C42BE7h 0x00000028 clc 0x00000029 push dword ptr fs:[00000000h] 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007FCE98C42BD8h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a mov dword ptr [ebp+122D1B2Ch], eax 0x00000050 mov dword ptr fs:[00000000h], esp 0x00000057 call 00007FCE98C42BE4h 0x0000005c pop edi 0x0000005d movzx edi, bx 0x00000060 mov eax, dword ptr [ebp+122D0C51h] 0x00000066 jmp 00007FCE98C42BE5h 0x0000006b push FFFFFFFFh 0x0000006d mov dword ptr [ebp+122D2B19h], edx 0x00000073 nop 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007FCE98C42BE8h 0x0000007b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103E3AB second address: 103E3BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCE98BEC83Fh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103B262 second address: 103B270 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103D473 second address: 103D477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103F4A0 second address: 103F4A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103F582 second address: 103F60E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 jmp 00007FCE98BEC83Ah 0x0000000b pop ecx 0x0000000c popad 0x0000000d nop 0x0000000e mov ebx, dword ptr [ebp+12471BE9h] 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007FCE98BEC838h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 mov di, 1980h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 add ebx, 236C1BDDh 0x00000046 mov eax, dword ptr [ebp+122D0EE1h] 0x0000004c mov ebx, dword ptr [ebp+122D19C6h] 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push edi 0x00000057 call 00007FCE98BEC838h 0x0000005c pop edi 0x0000005d mov dword ptr [esp+04h], edi 0x00000061 add dword ptr [esp+04h], 0000001Dh 0x00000069 inc edi 0x0000006a push edi 0x0000006b ret 0x0000006c pop edi 0x0000006d ret 0x0000006e mov ebx, dword ptr [ebp+122D35C1h] 0x00000074 nop 0x00000075 pushad 0x00000076 push eax 0x00000077 push edx 0x00000078 pushad 0x00000079 popad 0x0000007a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103F60E second address: 103F617 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10442AB second address: 10442BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FCE98BEC83Dh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1043508 second address: 104350D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10453E6 second address: 10453EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10453EE second address: 10453F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10453F2 second address: 10453F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104732F second address: 1047335 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10453F6 second address: 104549B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007FCE98BEC845h 0x00000015 popad 0x00000016 popad 0x00000017 nop 0x00000018 mov ebx, dword ptr [ebp+1245EDDCh] 0x0000001e mov bx, dx 0x00000021 push dword ptr fs:[00000000h] 0x00000028 sub dword ptr [ebp+122D1B6Fh], edx 0x0000002e mov dword ptr fs:[00000000h], esp 0x00000035 xor edi, dword ptr [ebp+122D3561h] 0x0000003b jmp 00007FCE98BEC83Eh 0x00000040 mov eax, dword ptr [ebp+122D06C5h] 0x00000046 push 00000000h 0x00000048 push esi 0x00000049 call 00007FCE98BEC838h 0x0000004e pop esi 0x0000004f mov dword ptr [esp+04h], esi 0x00000053 add dword ptr [esp+04h], 00000019h 0x0000005b inc esi 0x0000005c push esi 0x0000005d ret 0x0000005e pop esi 0x0000005f ret 0x00000060 push FFFFFFFFh 0x00000062 mov dword ptr [ebp+122D1A04h], edx 0x00000068 or di, 6EBAh 0x0000006d nop 0x0000006e pushad 0x0000006f push eax 0x00000070 push edx 0x00000071 jmp 00007FCE98BEC844h 0x00000076 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104549B second address: 104549F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104549F second address: 10454A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10454A9 second address: 10454D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCE98C42BDEh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10454D4 second address: 10454E6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FCE98BEC836h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10454E6 second address: 10454EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10474AC second address: 10474C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC842h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104B22F second address: 104B233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104B233 second address: 104B259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 je 00007FCE98BEC858h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FCE98BEC846h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104FB3A second address: 104FB51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE3h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105CE44 second address: 105CE6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FCE98BEC842h 0x0000000b jmp 00007FCE98BEC83Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C156 second address: 105C15A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C15A second address: 105C162 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C162 second address: 105C173 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FCE98C42BDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C450 second address: 105C458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C458 second address: 105C469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FCE98C42BD6h 0x0000000a jc 00007FCE98C42BD6h 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C469 second address: 105C496 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 ja 00007FCE98BEC836h 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop esi 0x0000000c jmp 00007FCE98BEC83Bh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jmp 00007FCE98BEC840h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C496 second address: 105C4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE5h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007FCE98C42BD6h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C654 second address: 105C668 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FCE98BEC836h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007FCE98BEC836h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C668 second address: 105C68F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FCE98C42BD6h 0x00000008 jnl 00007FCE98C42BD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 jmp 00007FCE98C42BE2h 0x00000019 pop esi 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105C68F second address: 105C6AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCE98BEC845h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105CC8E second address: 105CCA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BDAh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105CCA6 second address: 105CCAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105CCAC second address: 105CCB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105CCB0 second address: 105CCB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105CCB4 second address: 105CCBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105CCBD second address: 105CCCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FCE98BEC836h 0x0000000a jns 00007FCE98BEC836h 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10624EF second address: 106250C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007FCE98C42BD8h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10611B8 second address: 10611BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061316 second address: 1061321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FCE98C42BD6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061594 second address: 106159A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061719 second address: 106173B instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCE98C42BF4h 0x00000008 jmp 00007FCE98C42BE8h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106173B second address: 106174F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jc 00007FCE98BEC836h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106174F second address: 1061755 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061755 second address: 1061773 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FCE98BEC847h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061773 second address: 1061794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007FCE98C42BD6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10618B3 second address: 10618BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10618BC second address: 10618C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061A57 second address: 1061A5C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061BB2 second address: 1061BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FCE98C42BD6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061BC1 second address: 1061BCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jns 00007FCE98BEC836h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061E69 second address: 1061E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061E6D second address: 1061E76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061E76 second address: 1061E7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1061E7C second address: 1061EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FCE98BEC847h 0x0000000e jmp 00007FCE98BEC847h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10172D4 second address: 10172EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FCE98C42BD6h 0x0000000a jmp 00007FCE98C42BDAh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1060D2A second address: 1060D3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FCE98BEC836h 0x00000009 jmp 00007FCE98BEC83Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1060D3F second address: 1060D56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jnl 00007FCE98C42BD6h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036046 second address: 1036065 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCE98BEC843h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10363ED second address: 10363F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FCE98C42BD6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10364CE second address: 10364D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10364D2 second address: 10364DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10364DC second address: 10364E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10364E0 second address: 10364E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10365CA second address: 10365D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FCE98BEC836h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103690F second address: 103691C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103691C second address: 1036920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036D2F second address: 1036D35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036ED1 second address: 1036ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10370FA second address: 1037100 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1037100 second address: 1037145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FCE98BEC838h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 mov edx, dword ptr [ebp+122D366Dh] 0x0000002b lea eax, dword ptr [ebp+12485B9Fh] 0x00000031 mov dword ptr [ebp+12471BE9h], esi 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1037145 second address: 103714F instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCE98C42BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103714F second address: 103718D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edx, dword ptr [ebp+122D3721h] 0x00000013 lea eax, dword ptr [ebp+12485B5Bh] 0x00000019 mov edi, 4FFA490Ah 0x0000001e jmp 00007FCE98BEC83Bh 0x00000023 push eax 0x00000024 pushad 0x00000025 pushad 0x00000026 jmp 00007FCE98BEC840h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103718D second address: 103719A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FCE98C42BDCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 103719A second address: 10172D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FCE98BEC838h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 or ecx, dword ptr [ebp+122D364Dh] 0x00000028 call dword ptr [ebp+122D182Bh] 0x0000002e pushad 0x0000002f jp 00007FCE98BEC842h 0x00000035 jg 00007FCE98BEC843h 0x0000003b pushad 0x0000003c jne 00007FCE98BEC836h 0x00000042 jmp 00007FCE98BEC847h 0x00000047 jo 00007FCE98BEC836h 0x0000004d jmp 00007FCE98BEC848h 0x00000052 popad 0x00000053 popad 0x00000054 push esi 0x00000055 push esi 0x00000056 push ebx 0x00000057 pop ebx 0x00000058 pop esi 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1065DBF second address: 1065DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FCE98C42BE4h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10662F8 second address: 1066346 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC843h 0x00000007 jbe 00007FCE98BEC849h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jg 00007FCE98BEC836h 0x00000018 jmp 00007FCE98BEC83Eh 0x0000001d popad 0x0000001e push ebx 0x0000001f pushad 0x00000020 popad 0x00000021 pushad 0x00000022 popad 0x00000023 pop ebx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1066346 second address: 106634E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106634E second address: 1066358 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCE98BEC836h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1066358 second address: 1066366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FCE98C42BDCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10667C0 second address: 10667D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007FCE98BEC836h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10667D1 second address: 10667D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10667D5 second address: 10667DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10667DB second address: 106680C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FCE98C42BDCh 0x0000000c jno 00007FCE98C42BD6h 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FCE98C42BE7h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106680C second address: 1066810 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FEEDDB second address: FEEDDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106A60C second address: 106A610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106A610 second address: 106A616 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106D009 second address: 106D00D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 106D00D second address: 106D01D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FCE98C42BD6h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FF725D second address: FF7261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FF7261 second address: FF7281 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCE98C42BD6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007FCE98C42BDEh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FF7281 second address: FF7287 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FF7287 second address: FF7292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1070411 second address: 1070433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FCE98BEC836h 0x0000000a jno 00007FCE98BEC836h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007FCE98BEC83Ch 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1070433 second address: 1070442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FCE98C42BD6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10753DD second address: 107540C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCE98BEC836h 0x00000008 jmp 00007FCE98BEC842h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FCE98BEC83Eh 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10756C5 second address: 10756D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007FCE98C42BD6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10756D7 second address: 10756E7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCE98BEC836h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1075B40 second address: 1075B79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCE98C42BE1h 0x00000010 pushad 0x00000011 ja 00007FCE98C42BD6h 0x00000017 jc 00007FCE98C42BD6h 0x0000001d push edi 0x0000001e pop edi 0x0000001f popad 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1075B79 second address: 1075B85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnc 00007FCE98BEC836h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1075056 second address: 107505C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107505C second address: 1075096 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FCE98BEC843h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f pushad 0x00000010 je 00007FCE98BEC836h 0x00000016 push eax 0x00000017 pop eax 0x00000018 jmp 00007FCE98BEC842h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1075096 second address: 107509F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107509F second address: 10750A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10750A3 second address: 10750A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10750A9 second address: 10750C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCE98BEC83Ch 0x0000000e jl 00007FCE98BEC838h 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1075FDC second address: 1075FF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FCE98C42BE8h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1075FF9 second address: 1076010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC841h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1079F69 second address: 1079F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE9h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1079F8D second address: 1079F91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107B7A3 second address: 107B7A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107DF71 second address: 107DF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107DF77 second address: 107DF83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107DF83 second address: 107DF98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007FCE98BEC836h 0x0000000f jns 00007FCE98BEC836h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10830EF second address: 1083109 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FCE98C42BE4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108298E second address: 10829A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC83Bh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1082B12 second address: 1082B3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 je 00007FCE98C42C07h 0x0000000f pushad 0x00000010 jnl 00007FCE98C42BD6h 0x00000016 jmp 00007FCE98C42BE0h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10856D6 second address: 10856E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007FCE98BEC836h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10856E4 second address: 108570D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 je 00007FCE98C42BDEh 0x0000000e pushad 0x0000000f jmp 00007FCE98C42BDAh 0x00000014 jno 00007FCE98C42BD6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108570D second address: 1085718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1085718 second address: 1085734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE8h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B73B second address: 108B746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FCE98BEC836h 0x0000000a pop ebx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B746 second address: 108B768 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop ebx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pushad 0x00000010 jmp 00007FCE98C42BE0h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A573 second address: 108A577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A577 second address: 108A57D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A57D second address: 108A597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FCE98BEC83Eh 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A597 second address: 108A5AA instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCE98C42BDEh 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036B40 second address: 1036B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036B44 second address: 1036B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036B48 second address: 1036BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FCE98BEC838h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 add dword ptr [ebp+122D1B8Dh], edx 0x00000028 push 00000004h 0x0000002a push 00000000h 0x0000002c push ebx 0x0000002d call 00007FCE98BEC838h 0x00000032 pop ebx 0x00000033 mov dword ptr [esp+04h], ebx 0x00000037 add dword ptr [esp+04h], 0000001Ch 0x0000003f inc ebx 0x00000040 push ebx 0x00000041 ret 0x00000042 pop ebx 0x00000043 ret 0x00000044 mov edi, dword ptr [ebp+122D3845h] 0x0000004a nop 0x0000004b push eax 0x0000004c push edx 0x0000004d push esi 0x0000004e push edx 0x0000004f pop edx 0x00000050 pop esi 0x00000051 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036BA8 second address: 1036BCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1036BCA second address: 1036BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FE9FED second address: FEA002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1092292 second address: 10922A1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push edi 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1092BD9 second address: 1092BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1092BEF second address: 1092BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1092BFC second address: 1092C02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1092EC4 second address: 1092ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1092ECA second address: 1092EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jo 00007FCE98C42BEDh 0x0000000b jmp 00007FCE98C42BE5h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109379C second address: 10937A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10986BA second address: 10986E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE4h 0x00000009 popad 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FCE98C42BE3h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1098B43 second address: 1098B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FCE98BEC846h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1098B6B second address: 1098B87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FCE98C42BE6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1098EA4 second address: 1098EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FCE98BEC83Fh 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1098EB8 second address: 1098EC2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FCE98C42BDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1098FF2 second address: 1098FF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1099172 second address: 1099178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109DD71 second address: 109DD76 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A7581 second address: 10A7587 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A7587 second address: 10A758B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A758B second address: 10A759E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jno 00007FCE98C42BD6h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A79DC second address: 10A7A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FCE98BEC836h 0x0000000a jmp 00007FCE98BEC83Ah 0x0000000f popad 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007FCE98BEC83Bh 0x00000019 jno 00007FCE98BEC836h 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 push edi 0x00000023 jmp 00007FCE98BEC83Fh 0x00000028 pop edi 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A7CE2 second address: 10A7CE8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A7CE8 second address: 10A7D06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCE98BEC848h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A7D06 second address: 10A7D10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A7D10 second address: 10A7D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A8DBF second address: 10A8DD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BE0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A6CA0 second address: 10A6CAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FCE98BEC836h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A6CAC second address: 10A6CB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10AF2CD second address: 10AF2D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10BB55A second address: 10BB564 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10BB564 second address: 10BB56A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1F2B second address: 10C1F3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1F3F second address: 10C1F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1F45 second address: 10C1F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FCE98C42BD6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d jmp 00007FCE98C42BE2h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1F64 second address: 10C1F73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jo 00007FCE98BEC836h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1AD7 second address: 10C1ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1ADB second address: 10C1AE0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1AE0 second address: 10C1AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D787C second address: 10D788B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCE98BEC836h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D788B second address: 10D78AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FCE98C42BE7h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D78AB second address: 10D78AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D78AF second address: 10D78B9 instructions: 0x00000000 rdtsc 0x00000002 js 00007FCE98C42BD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D63AF second address: 10D63CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FCE98BEC846h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D63CF second address: 10D63D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D63D3 second address: 10D63D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D652B second address: 10D6572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCE98C42BE1h 0x00000008 jno 00007FCE98C42BD6h 0x0000000e popad 0x0000000f push ebx 0x00000010 jmp 00007FCE98C42BDEh 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FCE98C42BE6h 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D6572 second address: 10D657E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jo 00007FCE98BEC836h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D657E second address: 10D658D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCE98C42BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D658D second address: 10D6593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D6839 second address: 10D683E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D69D9 second address: 10D69DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D69DD second address: 10D69FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCE98C42BE1h 0x0000000b push esi 0x0000000c pushad 0x0000000d jg 00007FCE98C42BD6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D69FE second address: 10D6A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DAFCD second address: 10DAFD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DAFD3 second address: 10DAFE0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DAFE0 second address: 10DAFE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DAFE4 second address: 10DAFF2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DAFF2 second address: 10DAFF8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E8B20 second address: 10E8B41 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FCE98BEC845h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC17F second address: 10EC183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F9717 second address: 10F9721 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F9721 second address: 10F9727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F9727 second address: 10F972B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F972B second address: 10F9731 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F9295 second address: 10F92B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FCE98BEC83Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F92B1 second address: 10F92BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F92BA second address: 10F92C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F92C0 second address: 10F92C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: FE6A69 second address: FE6A82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC845h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111225 second address: 111124D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCE98C42BD6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnc 00007FCE98C42BECh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11113B6 second address: 11113BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11113BC second address: 11113D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BE5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111AD3 second address: 1111AE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98BEC83Bh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111AE3 second address: 1111AF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BDAh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111AF2 second address: 1111AF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111AF8 second address: 1111B1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCE98C42BDAh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f je 00007FCE98C42BDEh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111B1E second address: 1111B22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111CFF second address: 1111D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1111D03 second address: 1111D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCE98BEC843h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1114B64 second address: 1114B6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1114B6A second address: 1114BD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FCE98BEC836h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 mov edx, 11EE0C4Fh 0x00000016 movsx edx, di 0x00000019 push 00000004h 0x0000001b sub edx, 6B893E30h 0x00000021 call 00007FCE98BEC839h 0x00000026 push esi 0x00000027 push edi 0x00000028 jnl 00007FCE98BEC836h 0x0000002e pop edi 0x0000002f pop esi 0x00000030 push eax 0x00000031 jnc 00007FCE98BEC84Bh 0x00000037 jc 00007FCE98BEC845h 0x0000003d mov eax, dword ptr [esp+04h] 0x00000041 jmp 00007FCE98BEC843h 0x00000046 mov eax, dword ptr [eax] 0x00000048 pushad 0x00000049 push esi 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1114BD7 second address: 1114BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FCE98C42BD6h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1114BE4 second address: 1114BE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1114E85 second address: 1114E93 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1114E93 second address: 1114E97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11160FF second address: 1116103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1116103 second address: 111611F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FCE98BEC836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FCE98BEC83Ah 0x00000010 je 00007FCE98BEC836h 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111611F second address: 111613D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111613D second address: 1116143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1117D54 second address: 1117D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11178B5 second address: 11178C6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jng 00007FCE98BEC836h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270DF0 second address: 5270DF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270DF4 second address: 5270DFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270DFA second address: 5270E2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98C42BDEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f jmp 00007FCE98C42BE0h 0x00000014 test ecx, ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov di, A610h 0x0000001d mov esi, edi 0x0000001f popad 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270E2E second address: 5270E34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270E34 second address: 5270E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270E38 second address: 5270E66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007FCE98BEC884h 0x0000000e jmp 00007FCE98BEC848h 0x00000013 add eax, ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270E66 second address: 5270E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270E6A second address: 5270E87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCE98BEC849h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270E87 second address: 5270ED5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 1FB53932h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax+00000860h] 0x00000013 jmp 00007FCE98C42BDFh 0x00000018 test eax, eax 0x0000001a jmp 00007FCE98C42BE6h 0x0000001f je 00007FCF0A308A74h 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FCE98C42BDAh 0x0000002e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270ED5 second address: 5270ED9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5270ED9 second address: 5270EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |