Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359433873.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359433873.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359433873.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: Amcache.hve.5.dr |
String found in binary or memory: http://upx.sf.net |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic |
Source: file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1565088782.0000000000C10000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: file.exe, 00000000.00000002.1565088782.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://clearancek.site:443/apiz |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akam |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamsta |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.co |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilevC |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359433873.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vP |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vP05w |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGt |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_resp |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000002.1565088782.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://eaglepawnoy.store:443/api |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.1359433873.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1565088782.0000000000C10000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1565531432.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/ |
Source: file.exe, 00000000.00000003.1359433873.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1565531432.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/ER |
Source: file.exe, 00000000.00000002.1565088782.0000000000C10000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/api |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/apiJ |
Source: file.exe, 00000000.00000002.1565088782.0000000000C38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/apiX |
Source: file.exe, 00000000.00000002.1565088782.0000000000C10000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/apit |
Source: file.exe, 00000000.00000002.1565088782.0000000000C10000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/apitory |
Source: file.exe, 00000000.00000002.1565088782.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com:443/api |
Source: file.exe, 00000000.00000002.1565088782.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com:443/api% |
Source: file.exe, 00000000.00000002.1565088782.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://spirittunek.store:443/api |
Source: file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/K) |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/lin |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359433873.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1565088782.0000000000C10000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359433873.0000000000C97000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900S) |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000002.1565088782.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359433873.0000000000C97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C12000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000002.1565088782.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://studennotediw.store:443/api |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347206379.0000000000C86000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: file.exe, 00000000.00000003.1347379364.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1347379364.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1565088782.0000000000C38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-man |
Source: file.exe, 00000000.00000003.1347379364.0000000000C38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: file.exe, 00000000.00000003.1347379364.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1565088782.0000000000C38000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-manqqx |
Source: file.exe, 00000000.00000003.1346961195.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70419F second address: 703A9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D28DAh], ecx 0x0000000d jnc 00007F2CB4F0745Ch 0x00000013 push dword ptr [ebp+122D01F1h] 0x00000019 jmp 00007F2CB4F07463h 0x0000001e call dword ptr [ebp+122D1B62h] 0x00000024 pushad 0x00000025 jns 00007F2CB4F0745Ch 0x0000002b xor dword ptr [ebp+122D2F83h], ebx 0x00000031 xor eax, eax 0x00000033 pushad 0x00000034 and cx, 9E5Eh 0x00000039 or cl, 00000071h 0x0000003c popad 0x0000003d mov edx, dword ptr [esp+28h] 0x00000041 or dword ptr [ebp+122D2F83h], esi 0x00000047 mov dword ptr [ebp+122D388Dh], eax 0x0000004d stc 0x0000004e mov esi, 0000003Ch 0x00000053 cld 0x00000054 mov dword ptr [ebp+122D3582h], eax 0x0000005a add esi, dword ptr [esp+24h] 0x0000005e pushad 0x0000005f mov al, dh 0x00000061 push eax 0x00000062 or dword ptr [ebp+122D2642h], ecx 0x00000068 pop edi 0x00000069 popad 0x0000006a lodsw 0x0000006c sub dword ptr [ebp+122D3582h], edi 0x00000072 add eax, dword ptr [esp+24h] 0x00000076 jne 00007F2CB4F0745Ch 0x0000007c or dword ptr [ebp+122D3582h], esi 0x00000082 mov ebx, dword ptr [esp+24h] 0x00000086 or dword ptr [ebp+122D35F9h], eax 0x0000008c push eax 0x0000008d push edi 0x0000008e pushad 0x0000008f jng 00007F2CB4F07456h 0x00000095 push eax 0x00000096 push edx 0x00000097 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86FF40 second address: 86FF48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86FF48 second address: 86FF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86FF4D second address: 86FF68 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CB4E5A4CEh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jng 00007F2CB4E5A4C6h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007F2CB4E5A4C6h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86FF68 second address: 86FF8B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2CB4F07456h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F2CB4F0745Ch 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 jl 00007F2CB4F07456h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87CB0F second address: 87CB1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F2CB4E5A4C6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87CB1B second address: 87CB35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07460h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87CB35 second address: 87CB3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87CF5C second address: 87CF60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87D350 second address: 87D35A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2CB4E5A4C6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87D35A second address: 87D39E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F0745Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2CB4F07466h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 jmp 00007F2CB4F07467h 0x00000019 push edx 0x0000001a pop edx 0x0000001b popad 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87D39E second address: 87D3A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F2CB4E5A4C6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87D3A9 second address: 87D3AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 880290 second address: 8802A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F2CB4E5A4C6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8802A3 second address: 8802B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F2CB4F07456h 0x0000000a popad 0x0000000b pop edi 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8802B8 second address: 8802BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8802BC second address: 8802C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8802C0 second address: 8802D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d mov eax, dword ptr [eax] 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8802D5 second address: 8802F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2CB4F0745Fh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8802F0 second address: 703A9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov edi, ecx 0x0000000c push dword ptr [ebp+122D01F1h] 0x00000012 mov si, bx 0x00000015 call dword ptr [ebp+122D1B62h] 0x0000001b pushad 0x0000001c jns 00007F2CB4E5A4CCh 0x00000022 xor eax, eax 0x00000024 pushad 0x00000025 and cx, 9E5Eh 0x0000002a or cl, 00000071h 0x0000002d popad 0x0000002e mov edx, dword ptr [esp+28h] 0x00000032 or dword ptr [ebp+122D2F83h], esi 0x00000038 mov dword ptr [ebp+122D388Dh], eax 0x0000003e stc 0x0000003f mov esi, 0000003Ch 0x00000044 cld 0x00000045 mov dword ptr [ebp+122D3582h], eax 0x0000004b add esi, dword ptr [esp+24h] 0x0000004f pushad 0x00000050 mov al, dh 0x00000052 push eax 0x00000053 or dword ptr [ebp+122D2642h], ecx 0x00000059 pop edi 0x0000005a popad 0x0000005b lodsw 0x0000005d sub dword ptr [ebp+122D3582h], edi 0x00000063 add eax, dword ptr [esp+24h] 0x00000067 jne 00007F2CB4E5A4CCh 0x0000006d or dword ptr [ebp+122D3582h], esi 0x00000073 mov ebx, dword ptr [esp+24h] 0x00000077 or dword ptr [ebp+122D35F9h], eax 0x0000007d push eax 0x0000007e push edi 0x0000007f pushad 0x00000080 jng 00007F2CB4E5A4C6h 0x00000086 push eax 0x00000087 push edx 0x00000088 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 880335 second address: 8803D6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2CB4F07458h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F2CB4F07458h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 jmp 00007F2CB4F0745Dh 0x0000002c or dword ptr [ebp+122D35C1h], ecx 0x00000032 mov edx, 0A72DAA4h 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a mov si, bx 0x0000003d pop esi 0x0000003e push 32B95A55h 0x00000043 js 00007F2CB4F07465h 0x00000049 jmp 00007F2CB4F0745Fh 0x0000004e xor dword ptr [esp], 32B95AD5h 0x00000055 mov dword ptr [ebp+122D1F89h], edx 0x0000005b push 00000003h 0x0000005d mov esi, 2CBFDFDDh 0x00000062 push 00000000h 0x00000064 mov ecx, dword ptr [ebp+122D386Dh] 0x0000006a push 00000003h 0x0000006c mov edx, 40E02065h 0x00000071 push F1883475h 0x00000076 pushad 0x00000077 pushad 0x00000078 push edi 0x00000079 pop edi 0x0000007a jno 00007F2CB4F07456h 0x00000080 popad 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8803D6 second address: 8803DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8803DA second address: 880427 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 31883475h 0x0000000e push edi 0x0000000f mov dx, cx 0x00000012 pop edi 0x00000013 mov esi, 0CDB1576h 0x00000018 lea ebx, dword ptr [ebp+124501F9h] 0x0000001e jmp 00007F2CB4F07464h 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 jmp 00007F2CB4F07464h 0x0000002c push esi 0x0000002d pop esi 0x0000002e popad 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 880427 second address: 88042D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 88042D second address: 880431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 88049B second address: 88049F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 88049F second address: 8804A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8804A5 second address: 8804EF instructions: 0x00000000 rdtsc 0x00000002 je 00007F2CB4E5A4CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 565CBA3Ch 0x00000011 mov esi, eax 0x00000013 push 00000003h 0x00000015 xor dword ptr [ebp+122D358Fh], esi 0x0000001b push 00000000h 0x0000001d mov edi, dword ptr [ebp+122D284Ah] 0x00000023 push 00000003h 0x00000025 jmp 00007F2CB4E5A4D5h 0x0000002a push B0754DE6h 0x0000002f push edi 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A0800 second address: 8A0813 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F0745Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A0813 second address: 8A0834 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4D1h 0x00000007 jp 00007F2CB4E5A4D2h 0x0000000d js 00007F2CB4E5A4C6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86B111 second address: 86B119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86B119 second address: 86B130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4E5A4CEh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86B130 second address: 86B134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89E6AA second address: 89E6B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89E6B0 second address: 89E6D5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2CB4F07456h 0x00000008 jnp 00007F2CB4F07456h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jc 00007F2CB4F07456h 0x00000017 jc 00007F2CB4F07456h 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f popad 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89EAFD second address: 89EB19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4E5A4CCh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89EB19 second address: 89EB27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F2CB4F07456h 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89EE3D second address: 89EE43 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89EE43 second address: 89EE68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F0745Dh 0x00000007 jl 00007F2CB4F0745Ah 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jng 00007F2CB4F07460h 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89EFD7 second address: 89EFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F29D second address: 89F2A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F2A3 second address: 89F2CE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F2CB4E5A4CDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F2CB4E5A4D0h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F2CE second address: 89F2D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F6BF second address: 89F6C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F6C3 second address: 89F6D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F2CB4F0745Eh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F953 second address: 89F957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F957 second address: 89F969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4F0745Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F969 second address: 89F96E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89F96E second address: 89F990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F2CB4F0745Eh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push edi 0x00000011 pop edi 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 pop eax 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89FEE1 second address: 89FF07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4E5A4CDh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F2CB4E5A4D2h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 89FF07 second address: 89FF47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F2CB4F0745Ah 0x00000008 jne 00007F2CB4F07456h 0x0000000e pop eax 0x0000000f jmp 00007F2CB4F07461h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 jmp 00007F2CB4F0745Eh 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 jne 00007F2CB4F07456h 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A00C3 second address: 8A00DB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2CB4E5A4CEh 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F2CB4E5A4C6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A0216 second address: 8A0227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2CB4F07456h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A0227 second address: 8A022D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A022D second address: 8A0231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A0231 second address: 8A0249 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A3745 second address: 8A374B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A2343 second address: 8A2347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8A5434 second address: 8A543A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87514E second address: 875154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 875154 second address: 875160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8AD45C second address: 8AD460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8AD460 second address: 8AD495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2CB4F0745Bh 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2CB4F07460h 0x00000014 jmp 00007F2CB4F07460h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8AD495 second address: 8AD49E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 871A4E second address: 871A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4F07463h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 871A65 second address: 871A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 871A69 second address: 871A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 871A75 second address: 871A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 871A79 second address: 871A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4F0745Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 871A8D second address: 871ACB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2CB4E5A4DFh 0x00000008 jmp 00007F2CB4E5A4D9h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jmp 00007F2CB4E5A4D9h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 871ACB second address: 871AD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8AFE08 second address: 8AFE17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F2CB4E5A4C6h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8AFE17 second address: 8AFE2C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 ja 00007F2CB4F07474h 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F2CB4F07456h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8AFE2C second address: 8AFE30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8AFE30 second address: 8AFE3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F2CB4F0745Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B00FD second address: 8B0103 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B0484 second address: 8B048F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B1150 second address: 8B1156 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B1491 second address: 8B1496 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B15B4 second address: 8B15BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B1745 second address: 8B1749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B1C20 second address: 8B1C3B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2CB4E5A4CCh 0x00000008 jnc 00007F2CB4E5A4C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007F2CB4E5A4C8h 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B1C3B second address: 8B1C66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07462h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a movzx edi, si 0x0000000d push eax 0x0000000e pushad 0x0000000f jp 00007F2CB4F0745Ch 0x00000015 je 00007F2CB4F07456h 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B1ED8 second address: 8B1EFC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2CB4E5A4C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2CB4E5A4D6h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B1EFC second address: 8B1F03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B2200 second address: 8B2237 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007F2CB4E5A4C6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f sub esi, 4B00334Eh 0x00000015 xchg eax, ebx 0x00000016 push ebx 0x00000017 jmp 00007F2CB4E5A4D9h 0x0000001c pop ebx 0x0000001d push eax 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B2712 second address: 8B2724 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2CB4F07456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B4219 second address: 8B4220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B39C0 second address: 8B39C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B42B9 second address: 8B42BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B4E5A second address: 8B4E60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B4E60 second address: 8B4E64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B4C01 second address: 8B4C07 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B5991 second address: 8B59EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a nop 0x0000000b mov di, si 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F2CB4E5A4C8h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a push edx 0x0000002b or edi, dword ptr [ebp+122D36E1h] 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 jng 00007F2CB4E5A4D2h 0x0000003b js 00007F2CB4E5A4CCh 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B7980 second address: 8B7985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B6C80 second address: 8B6C84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B7760 second address: 8B7766 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B7985 second address: 8B7993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CB4E5A4CAh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B7766 second address: 8B776C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B7993 second address: 8B79F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jp 00007F2CB4E5A4D0h 0x0000000f nop 0x00000010 jmp 00007F2CB4E5A4CFh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007F2CB4E5A4C8h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 mov edi, dword ptr [ebp+122D35F9h] 0x00000037 mov esi, dword ptr [ebp+122D35F9h] 0x0000003d push 00000000h 0x0000003f mov si, ax 0x00000042 xchg eax, ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 jp 00007F2CB4E5A4C6h 0x0000004c push eax 0x0000004d pop eax 0x0000004e popad 0x0000004f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B776C second address: 8B7770 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B79F9 second address: 8B79FE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BB0E5 second address: 8BB163 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07465h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, dword ptr [ebp+122D1DE8h] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F2CB4F07458h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e mov bh, A2h 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007F2CB4F07458h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c mov edi, dword ptr [ebp+122D365Dh] 0x00000052 push eax 0x00000053 pushad 0x00000054 jp 00007F2CB4F0745Ch 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BB163 second address: 8BB17D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F2CB4E5A4D4h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BE0B5 second address: 8BE0BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BE0BA second address: 8BE10C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F2CB4E5A4C8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push 00000000h 0x00000024 mov edi, 3346B884h 0x00000029 push 00000000h 0x0000002b jg 00007F2CB4E5A4CCh 0x00000031 mov ebx, dword ptr [ebp+122D382Dh] 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F2CB4E5A4CDh 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BF235 second address: 8BF28C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2CB4F07458h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jbe 00007F2CB4F07464h 0x00000011 jmp 00007F2CB4F0745Eh 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F2CB4F07458h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov bx, DE05h 0x00000035 push 00000000h 0x00000037 mov edi, dword ptr [ebp+122D304Eh] 0x0000003d push 00000000h 0x0000003f mov bx, 61F2h 0x00000043 xchg eax, esi 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 push ebx 0x00000048 pop ebx 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BF28C second address: 8BF290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BF290 second address: 8BF2A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F2CB4F0745Ch 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BC32F second address: 8BC3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edi 0x00000007 jp 00007F2CB4E5A4C8h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 nop 0x00000011 sub dword ptr [ebp+12477E83h], edi 0x00000017 jmp 00007F2CB4E5A4D1h 0x0000001c push dword ptr fs:[00000000h] 0x00000023 pushad 0x00000024 mov dword ptr [ebp+122D2642h], ecx 0x0000002a popad 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 jne 00007F2CB4E5A4E6h 0x00000038 mov eax, dword ptr [ebp+122D0165h] 0x0000003e pushad 0x0000003f xor dword ptr [ebp+122D34C0h], esi 0x00000045 jmp 00007F2CB4E5A4D3h 0x0000004a popad 0x0000004b push FFFFFFFFh 0x0000004d push 00000000h 0x0000004f push esi 0x00000050 call 00007F2CB4E5A4C8h 0x00000055 pop esi 0x00000056 mov dword ptr [esp+04h], esi 0x0000005a add dword ptr [esp+04h], 0000001Dh 0x00000062 inc esi 0x00000063 push esi 0x00000064 ret 0x00000065 pop esi 0x00000066 ret 0x00000067 mov edi, edx 0x00000069 push eax 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e pushad 0x0000006f popad 0x00000070 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BC3E4 second address: 8BC3E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BC3E8 second address: 8BC3EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BD334 second address: 8BD338 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BC3EE second address: 8BC3F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BD338 second address: 8BD33E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BC3F4 second address: 8BC3F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BD423 second address: 8BD428 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BE34C second address: 8BE35E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007F2CB4E5A4C6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BF3FC second address: 8BF417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07460h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BF417 second address: 8BF41B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8BF41B second address: 8BF41F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C0500 second address: 8C0506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C0506 second address: 8C050B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C050B second address: 8C0510 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C0510 second address: 8C0516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C2345 second address: 8C23C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007F2CB4E5A4CEh 0x00000010 jnc 00007F2CB4E5A4C8h 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007F2CB4E5A4C8h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 mov bh, E8h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007F2CB4E5A4C8h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+122D1EB6h] 0x00000055 push 00000000h 0x00000057 mov ebx, dword ptr [ebp+122D31CCh] 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push edx 0x00000061 pushad 0x00000062 popad 0x00000063 pop edx 0x00000064 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C23C2 second address: 8C23C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C23C8 second address: 8C23CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C168A second address: 8C16AE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2CB4F07458h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jl 00007F2CB4F07456h 0x00000013 jg 00007F2CB4F07456h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jnp 00007F2CB4F07456h 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C16AE second address: 8C16B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C24CE second address: 8C24E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07461h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C603E second address: 8C6042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C805F second address: 8C806A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F2CB4F07456h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C806A second address: 8C8070 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C8070 second address: 8C8080 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C8080 second address: 8C8085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C8085 second address: 8C808C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C52C9 second address: 8C52CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C53B1 second address: 8C53B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C623A second address: 8C62D2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2CB4E5A4CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F2CB4E5A4C8h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 push dword ptr fs:[00000000h] 0x0000002e mov edi, 504600C8h 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a jc 00007F2CB4E5A4CAh 0x00000040 mov di, C786h 0x00000044 mov eax, dword ptr [ebp+122D0201h] 0x0000004a push 00000000h 0x0000004c push edx 0x0000004d call 00007F2CB4E5A4C8h 0x00000052 pop edx 0x00000053 mov dword ptr [esp+04h], edx 0x00000057 add dword ptr [esp+04h], 00000016h 0x0000005f inc edx 0x00000060 push edx 0x00000061 ret 0x00000062 pop edx 0x00000063 ret 0x00000064 cld 0x00000065 mov edi, esi 0x00000067 push FFFFFFFFh 0x00000069 mov bx, 39B6h 0x0000006d mov bl, ah 0x0000006f push eax 0x00000070 pushad 0x00000071 jmp 00007F2CB4E5A4CFh 0x00000076 push eax 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C62D2 second address: 8C62D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C9135 second address: 8C9139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C9139 second address: 8C91AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2CB4F07466h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F2CB4F07458h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov ebx, dword ptr [ebp+122D38B5h] 0x0000002e push 00000000h 0x00000030 push ebx 0x00000031 jnl 00007F2CB4F07458h 0x00000037 pop ebx 0x00000038 push 00000000h 0x0000003a push ebx 0x0000003b mov ebx, 494DC231h 0x00000040 pop ebx 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F2CB4F07467h 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C7263 second address: 8C7267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C3481 second address: 8C349E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07469h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8CA154 second address: 8CA158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8CA158 second address: 8CA1E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F2CB4F07458h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 add dword ptr [ebp+122DB6A5h], edx 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007F2CB4F07458h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 adc bx, 8A81h 0x00000049 push 00000000h 0x0000004b push 00000000h 0x0000004d push eax 0x0000004e call 00007F2CB4F07458h 0x00000053 pop eax 0x00000054 mov dword ptr [esp+04h], eax 0x00000058 add dword ptr [esp+04h], 00000015h 0x00000060 inc eax 0x00000061 push eax 0x00000062 ret 0x00000063 pop eax 0x00000064 ret 0x00000065 xchg eax, esi 0x00000066 push eax 0x00000067 push edx 0x00000068 jc 00007F2CB4F07461h 0x0000006e jmp 00007F2CB4F0745Bh 0x00000073 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8CA1E0 second address: 8CA203 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b pushad 0x0000000c jo 00007F2CB4E5A4C6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C93B3 second address: 8C93B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8C93B9 second address: 8C93C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F2CB4E5A4C6h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8CA2EE second address: 8CA2F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8CA2F8 second address: 8CA2FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8CA2FC second address: 8CA313 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2CB4F0745Dh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 873635 second address: 87363B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87363B second address: 873658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2CB4F07462h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 873658 second address: 87365C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 87365C second address: 873660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8D2AB3 second address: 8D2AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8D7D2D second address: 8D7D37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F2CB4F07456h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8D7D37 second address: 8D7D8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push edi 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop edi 0x0000000e pop ebx 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 jns 00007F2CB4E5A4D9h 0x0000001a jmp 00007F2CB4E5A4D3h 0x0000001f popad 0x00000020 mov eax, dword ptr [eax] 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 jmp 00007F2CB4E5A4CEh 0x0000002a push eax 0x0000002b pop eax 0x0000002c popad 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8D7D8E second address: 8D7DA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jng 00007F2CB4F07456h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jo 00007F2CB4F07460h 0x00000016 push eax 0x00000017 push edx 0x00000018 push esi 0x00000019 pop esi 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DCE2F second address: 8DCE33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DCE33 second address: 8DCE42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2CB4F07456h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DCF94 second address: 8DCFC0 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2CB4E5A4C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F2CB4E5A4D4h 0x00000010 jng 00007F2CB4E5A4C6h 0x00000016 jc 00007F2CB4E5A4C6h 0x0000001c popad 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DCFC0 second address: 8DCFD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F2CB4F07456h 0x0000000a je 00007F2CB4F07456h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DCFD0 second address: 8DCFD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DD14F second address: 8DD159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2CB4F07456h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DD403 second address: 8DD407 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DD93E second address: 8DD973 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2CB4F07456h 0x00000008 jmp 00007F2CB4F07467h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2CB4F07462h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8DD973 second address: 8DD979 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8E06CF second address: 8E06D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8E8787 second address: 8E878B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8E878B second address: 8E87A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4F07468h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8E8EFD second address: 8E8F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8E8F03 second address: 8E8F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8E8F07 second address: 8E8F30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2CB4E5A4D6h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EDF28 second address: 8EDF30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EDF30 second address: 8EDF4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4E5A4D1h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EDF4C second address: 8EDF65 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2CB4F07456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007F2CB4F07456h 0x00000011 jbe 00007F2CB4F07456h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE0B5 second address: 8EE0E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4E5A4CFh 0x00000009 jmp 00007F2CB4E5A4D8h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE0E5 second address: 8EE0EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE0EB second address: 8EE0EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE381 second address: 8EE387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE387 second address: 8EE38D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE503 second address: 8EE50D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F2CB4F07456h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE50D second address: 8EE51E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CB4E5A4C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EE51E second address: 8EE528 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2CB4F07456h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8EDAF4 second address: 8EDAF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F4281 second address: 8F4285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F4285 second address: 8F428B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F428B second address: 8F42AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2CB4F07469h 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B8BAE second address: 8B8BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B8BB4 second address: 8B8BB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9087 second address: 8B908D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B908D second address: 8B9097 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2CB4F0745Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9097 second address: 8B90A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B90A3 second address: 8B90AC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B91C1 second address: 8B91E7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007F2CB4E5A4C6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2CB4E5A4D4h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B91E7 second address: 8B91ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B91ED second address: 8B91F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9318 second address: 8B9321 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B93AE second address: 8B93B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B93B2 second address: 8B93C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jng 00007F2CB4F07460h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B93C6 second address: 8B941A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xchg eax, esi 0x00000006 push 00000000h 0x00000008 push edx 0x00000009 call 00007F2CB4E5A4C8h 0x0000000e pop edx 0x0000000f mov dword ptr [esp+04h], edx 0x00000013 add dword ptr [esp+04h], 00000015h 0x0000001b inc edx 0x0000001c push edx 0x0000001d ret 0x0000001e pop edx 0x0000001f ret 0x00000020 push eax 0x00000021 adc edx, 3EB1D429h 0x00000027 pop edx 0x00000028 nop 0x00000029 push edi 0x0000002a jmp 00007F2CB4E5A4D7h 0x0000002f pop edi 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jbe 00007F2CB4E5A4CCh 0x00000039 jp 00007F2CB4E5A4C6h 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B941A second address: 8B9420 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9420 second address: 8B9424 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B96A6 second address: 8B96AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B96AA second address: 8B96BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9DE4 second address: 8B9E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2CB4F0745Dh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jbe 00007F2CB4F07456h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9E05 second address: 8B9E37 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F2CB4E5A4CCh 0x0000000c jbe 00007F2CB4E5A4C6h 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jmp 00007F2CB4E5A4D3h 0x0000001c mov eax, dword ptr [eax] 0x0000001e push eax 0x0000001f push edx 0x00000020 push esi 0x00000021 push esi 0x00000022 pop esi 0x00000023 pop esi 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9F70 second address: 8B9FA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07465h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jng 00007F2CB4F07473h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2CB4F07461h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F3415 second address: 8F3442 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4CAh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2CB4E5A4CAh 0x0000000e jmp 00007F2CB4E5A4D5h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F35B6 second address: 8F35C3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CB4F07458h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F3711 second address: 8F3715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F3B53 second address: 8F3B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F2CB4F07456h 0x0000000e popad 0x0000000f jmp 00007F2CB4F07461h 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F2CB4F07462h 0x0000001c je 00007F2CB4F07456h 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F3B8E second address: 8F3B92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F3B92 second address: 8F3B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F6517 second address: 8F651B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F651B second address: 8F653D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F2CB4F07462h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86CB81 second address: 86CBAD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CB4E5A4C6h 0x00000008 jmp 00007F2CB4E5A4D3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2CB4E5A4CDh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F626E second address: 8F6277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F7AE5 second address: 8F7AF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F2CB4E5A4C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8F7AF1 second address: 8F7B1E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2CB4F0745Fh 0x0000000d jmp 00007F2CB4F07466h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86962A second address: 869639 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jc 00007F2CB4E5A4C6h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FA7FC second address: 8FA80C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F2CB4F0745Ah 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FA80C second address: 8FA810 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FA067 second address: 8FA079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F2CB4F07456h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FA079 second address: 8FA07D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FA201 second address: 8FA207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FA207 second address: 8FA20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FA4E1 second address: 8FA4E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8FFD56 second address: 8FFD7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jl 00007F2CB4E5A4C6h 0x0000000c popad 0x0000000d jmp 00007F2CB4E5A4D8h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B98F6 second address: 8B9980 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2CB4F07458h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D33F5h], ebx 0x00000011 mov ebx, dword ptr [ebp+1248881Bh] 0x00000017 pushad 0x00000018 add cx, 2E92h 0x0000001d mov ecx, esi 0x0000001f popad 0x00000020 mov ecx, dword ptr [ebp+122D3759h] 0x00000026 add eax, ebx 0x00000028 jne 00007F2CB4F07457h 0x0000002e push eax 0x0000002f pushad 0x00000030 push esi 0x00000031 jnc 00007F2CB4F07456h 0x00000037 pop esi 0x00000038 push ebx 0x00000039 jmp 00007F2CB4F07460h 0x0000003e pop ebx 0x0000003f popad 0x00000040 mov dword ptr [esp], eax 0x00000043 push 00000000h 0x00000045 push esi 0x00000046 call 00007F2CB4F07458h 0x0000004b pop esi 0x0000004c mov dword ptr [esp+04h], esi 0x00000050 add dword ptr [esp+04h], 00000018h 0x00000058 inc esi 0x00000059 push esi 0x0000005a ret 0x0000005b pop esi 0x0000005c ret 0x0000005d push 00000004h 0x0000005f mov dword ptr [ebp+122D1CBEh], ebx 0x00000065 nop 0x00000066 ja 00007F2CB4F0745Ah 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f pushad 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8B9980 second address: 8B9987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 903C38 second address: 903C46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 903C46 second address: 903C4B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9032A5 second address: 9032CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2CB4F0745Ch 0x0000000c jmp 00007F2CB4F07466h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9032CE second address: 9032D4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9032D4 second address: 9032F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CB4F07463h 0x00000009 je 00007F2CB4F07456h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 906D42 second address: 906D5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4D4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 906D5A second address: 906D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 906D68 second address: 906D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 906D6C second address: 906D70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 907009 second address: 90700F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 90747C second address: 907482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9075BD second address: 9075C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9075C1 second address: 9075D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F0745Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9075D8 second address: 907601 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2CB4E5A4C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f jne 00007F2CB4E5A4C6h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F2CB4E5A4D1h 0x0000001c popad 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 907601 second address: 90760C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 90760C second address: 907617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 90F65F second address: 90F698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4F07464h 0x00000009 pop ecx 0x0000000a push edi 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2CB4F07469h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 90DB4A second address: 90DB4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 90DB4E second address: 90DB5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F2CB4F07456h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 90DB5E second address: 90DB62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 90EBCB second address: 90EBCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9140D4 second address: 9140D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9140D8 second address: 9140DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 913272 second address: 913278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 913278 second address: 91327C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9133D7 second address: 9133E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9133E3 second address: 9133E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9133E7 second address: 9133EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 913541 second address: 913551 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2CB4F07456h 0x00000008 jng 00007F2CB4F07456h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 91368E second address: 913697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 913697 second address: 91369D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9137E7 second address: 91381D instructions: 0x00000000 rdtsc 0x00000002 je 00007F2CB4E5A4C6h 0x00000008 jmp 00007F2CB4E5A4D7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 js 00007F2CB4E5A4C6h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b popad 0x0000001c push edx 0x0000001d jbe 00007F2CB4E5A4C6h 0x00000023 pop edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 918741 second address: 918757 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop eax 0x0000000c jc 00007F2CB4F07475h 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 91F235 second address: 91F23E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 91F23E second address: 91F244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 91F244 second address: 91F24E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2CB4E5A4C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 91F24E second address: 91F253 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 91F65F second address: 91F66F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2CB4E5A4C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 91F799 second address: 91F7B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2CB4F0745Eh 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 920295 second address: 92029B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 92029B second address: 9202A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2CB4F07456h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9202A6 second address: 9202BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4E5A4CDh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 92098E second address: 9209AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4F07466h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 926FCB second address: 926FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 926FD4 second address: 926FD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 86FF7C second address: 86FF8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 jl 00007F2CB4E5A4C6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 932818 second address: 932827 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F0745Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 934EC1 second address: 934EC7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 93DE0D second address: 93DE1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F2CB4F0745Eh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 93DE1C second address: 93DE3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4E5A4CAh 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F2CB4E5A4CFh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 93DE3E second address: 93DE44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 93DE44 second address: 93DE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007F2CB4E5A4D2h 0x0000000d pushad 0x0000000e jmp 00007F2CB4E5A4D8h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 942766 second address: 94276A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 94276A second address: 94278C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2CB4E5A4D3h 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 955F94 second address: 955F98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 955F98 second address: 955F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9548BC second address: 9548C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 954D31 second address: 954D3F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2CB4E5A4C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 954D3F second address: 954D45 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 95506E second address: 955079 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 955079 second address: 95507F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 959C07 second address: 959C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 95BC46 second address: 95BC5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2CB4F07460h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 95B7AF second address: 95B7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2CB4E5A4C6h 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 95B93E second address: 95B942 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 95B942 second address: 95B992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2CB4E5A4C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F2CB4E5A4D9h 0x00000013 jmp 00007F2CB4E5A4D9h 0x00000018 pushad 0x00000019 jmp 00007F2CB4E5A4CDh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 95B992 second address: 95B9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F2CB4F0745Ch 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9663FD second address: 966413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F2CB4E5A4CCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 966413 second address: 966422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 966422 second address: 966437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2CB4E5A4D0h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 966437 second address: 966441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2CB4F07456h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 966441 second address: 966459 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2CB4E5A4CFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 96BC67 second address: 96BC72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 96BC72 second address: 96BC78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 96BC78 second address: 96BC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 96945F second address: 969472 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2CB4E5A4CDh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 969472 second address: 969484 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007F2CB4F07456h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 978C95 second address: 978C9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2CB4E5A4C6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 978C9F second address: 978CA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 97CC46 second address: 97CC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push edi 0x00000006 pop edi 0x00000007 jng 00007F2CB4E5A4C6h 0x0000000d pop esi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 995217 second address: 995221 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2CB4F07456h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9943C2 second address: 9943E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F2CB4E5A4CAh 0x0000000b jmp 00007F2CB4E5A4CAh 0x00000010 jc 00007F2CB4E5A4C6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9943E4 second address: 9943F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F2CB4F07456h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9949E2 second address: 9949E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9949E8 second address: 9949EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9949EC second address: 9949F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2CB4E5A4C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 994B55 second address: 994B6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2CB4F07456h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push ebx 0x0000000e jnc 00007F2CB4F07456h 0x00000014 pop ebx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 994DE1 second address: 994DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2CB4E5A4C6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 999588 second address: 99958C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 99958C second address: 999625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 mov dh, ah 0x0000000a push 00000004h 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F2CB4E5A4C8h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov edx, eax 0x00000028 call 00007F2CB4E5A4C9h 0x0000002d jmp 00007F2CB4E5A4D3h 0x00000032 push eax 0x00000033 pushad 0x00000034 jc 00007F2CB4E5A4CCh 0x0000003a jc 00007F2CB4E5A4C6h 0x00000040 jmp 00007F2CB4E5A4D2h 0x00000045 popad 0x00000046 mov eax, dword ptr [esp+04h] 0x0000004a jbe 00007F2CB4E5A4CAh 0x00000050 push ebx 0x00000051 push edx 0x00000052 pop edx 0x00000053 pop ebx 0x00000054 mov eax, dword ptr [eax] 0x00000056 pushad 0x00000057 jmp 00007F2CB4E5A4D2h 0x0000005c jl 00007F2CB4E5A4CCh 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 999625 second address: 999643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 jc 00007F2CB4F0746Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2CB4F0745Dh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 99990A second address: 999949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2CB4E5A4C6h 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d jp 00007F2CB4E5A4D1h 0x00000013 push dword ptr [ebp+122D2167h] 0x00000019 push eax 0x0000001a mov edx, dword ptr [ebp+122D324Ch] 0x00000020 pop edx 0x00000021 call 00007F2CB4E5A4C9h 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jnp 00007F2CB4E5A4C6h 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 999949 second address: 999953 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2CB4F07456h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 999953 second address: 999959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 999959 second address: 99995D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 99AD8A second address: 99AD9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnl 00007F2CB4E5A4C6h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A50B45 second address: 4A50B4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A50B4B second address: 4A50B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax+00000860h] 0x0000000e jmp 00007F2CB4E5A4D5h 0x00000013 test eax, eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov cx, bx 0x0000001b mov esi, edx 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A50B79 second address: 4A50BA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2CB4F07460h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F2D25EED628h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F2CB4F0745Ah 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 4A50BA1 second address: 4A50BA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |