Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: Amcache.hve.4.dr |
String found in binary or memory: http://upx.sf.net |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic |
Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bathdoomgaz.store:443/api |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://clearancek.site:443/api |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG& |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dissapoiznw.store:443/api |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://eaglepawnoy.store:443/apiP |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://licendfilteo.site:443/api |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/ |
Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/0 |
Source: file.exe, 00000000.00000002.1951560374.00000000012B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/C: |
Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.00000000012B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.00000000012B3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/api |
Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/api0 |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/apiA |
Source: file.exe, 00000000.00000003.1749512570.00000000012C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com/apirt.c |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sergei-esenin.com:443/api |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749512570.0000000001298000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f |
Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000002.1951560374.0000000001293000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1749512570.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1951560374.000000000129E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://studennotediw.store:443/api |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749627824.0000000001326000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/5xx-error-landing |
Source: file.exe, 00000000.00000003.1749512570.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-manag |
Source: file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749627824.0000000001326000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/ |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1743087878.000000000130D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1749477612.000000000131D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.1743123008.00000000012D7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 59484B second address: 594852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 707CAE second address: 707CDA instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFF192480B8h 0x00000008 ja 00007EFF192480C9h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 707CDA second address: 707CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 707CDF second address: 707D12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BFh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007EFF192480C3h 0x0000000e jmp 00007EFF192480BDh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 707F9B second address: 707FCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jbe 00007EFF192B60FEh 0x0000000d jng 00007EFF192B60EAh 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7082D7 second address: 7082F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007EFF192480B6h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007EFF192480C3h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7082F7 second address: 7082FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7082FB second address: 708301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 708301 second address: 708307 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 708307 second address: 70831C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70831C second address: 708320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 708320 second address: 708336 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007EFF192480BCh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7084B1 second address: 7084D2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFF192B60F6h 0x00000008 pushad 0x00000009 js 00007EFF192B60E6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7084D2 second address: 7084D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A07C second address: 70A0AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov dword ptr [ebp+122D2618h], eax 0x0000000c push 00000000h 0x0000000e movzx edi, si 0x00000011 push 277B8F56h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jmp 00007EFF192B60F5h 0x0000001e push eax 0x0000001f pop eax 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A0AD second address: 70A137 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 277B8FD6h 0x00000010 movsx esi, di 0x00000013 push 00000003h 0x00000015 mov edi, dword ptr [ebp+122D2B0Dh] 0x0000001b push 00000000h 0x0000001d movsx esi, cx 0x00000020 push 00000003h 0x00000022 or edx, 09456019h 0x00000028 push F4D1B3CCh 0x0000002d pushad 0x0000002e jg 00007EFF192480CCh 0x00000034 jmp 00007EFF192480C6h 0x00000039 jne 00007EFF192480BCh 0x0000003f popad 0x00000040 xor dword ptr [esp], 34D1B3CCh 0x00000047 mov dword ptr [ebp+122D1D61h], edx 0x0000004d add edi, dword ptr [ebp+122D2CE9h] 0x00000053 lea ebx, dword ptr [ebp+12449F4Bh] 0x00000059 and edx, 20CAE82Eh 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 jng 00007EFF192480B6h 0x0000006b popad 0x0000006c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A19E second address: 70A1A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A1A2 second address: 70A1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007EFF192480C8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A1C7 second address: 70A1CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A1CB second address: 70A1F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 and edi, 5A017D71h 0x0000000e push 00000000h 0x00000010 mov edi, edx 0x00000012 call 00007EFF192480B9h 0x00000017 jmp 00007EFF192480BBh 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push edi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A1F7 second address: 70A1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A1FC second address: 70A216 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A216 second address: 70A230 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A230 second address: 70A266 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007EFF192480BCh 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 jc 00007EFF192480E3h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007EFF192480C4h 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A373 second address: 70A405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60F3h 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dx, 1400h 0x00000011 xor dword ptr [ebp+122D2955h], ebx 0x00000017 push 00000000h 0x00000019 mov dl, C0h 0x0000001b mov edi, dword ptr [ebp+122D2E59h] 0x00000021 push B3533331h 0x00000026 jmp 00007EFF192B60EBh 0x0000002b add dword ptr [esp], 4CACCD4Fh 0x00000032 sub dword ptr [ebp+122D1D6Bh], eax 0x00000038 push 00000003h 0x0000003a sub ecx, 70FDE648h 0x00000040 push 00000000h 0x00000042 push 00000003h 0x00000044 push 00000000h 0x00000046 push esi 0x00000047 call 00007EFF192B60E8h 0x0000004c pop esi 0x0000004d mov dword ptr [esp+04h], esi 0x00000051 add dword ptr [esp+04h], 00000017h 0x00000059 inc esi 0x0000005a push esi 0x0000005b ret 0x0000005c pop esi 0x0000005d ret 0x0000005e call 00007EFF192B60E9h 0x00000063 jmp 00007EFF192B60EBh 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d pushad 0x0000006e popad 0x0000006f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A405 second address: 70A40F instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A40F second address: 70A45F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007EFF192B60F5h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push esi 0x00000015 pushad 0x00000016 jno 00007EFF192B60E6h 0x0000001c jmp 00007EFF192B60EBh 0x00000021 popad 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A45F second address: 70A465 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A465 second address: 70A46A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A46A second address: 70A4E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007EFF192480B8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 lea ebx, dword ptr [ebp+12449F5Fh] 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007EFF192480B8h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 0000001Bh 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 mov dword ptr [ebp+122D2618h], esi 0x00000048 xchg eax, ebx 0x00000049 jne 00007EFF192480CEh 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A4E7 second address: 70A4EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A4EB second address: 70A4EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A4EF second address: 70A4F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 70A4F5 second address: 70A50D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480C4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FF332 second address: 6FF338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FF338 second address: 6FF33D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FF33D second address: 6FF367 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60ECh 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007EFF192B60F1h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FF367 second address: 6FF377 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A36B second address: 72A371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A371 second address: 72A375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A375 second address: 72A391 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A391 second address: 72A399 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A399 second address: 72A39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A689 second address: 72A695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007EFF192480B6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A695 second address: 72A6A3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72A7DD second address: 72A810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007EFF192480B8h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007EFF192480C1h 0x00000013 jmp 00007EFF192480BBh 0x00000018 jmp 00007EFF192480C3h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72AACD second address: 72AAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007EFF192B60F6h 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72B054 second address: 72B05B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72249E second address: 7224A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72BB2E second address: 72BB33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72BB33 second address: 72BB4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192B60F3h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 72BCE4 second address: 72BCEE instructions: 0x00000000 rdtsc 0x00000002 ja 00007EFF192480B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73306F second address: 733073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 733073 second address: 73307C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73212A second address: 73212E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7332A1 second address: 7332A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7374FF second address: 737503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7379AB second address: 7379B7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7379B7 second address: 7379BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7379BD second address: 7379C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 739C77 second address: 739C97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007EFF192B60F8h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A0BF second address: 73A0C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A1FF second address: 73A215 instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFF192B60E8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007EFF192B60E6h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A215 second address: 73A219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A3B4 second address: 73A3BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A899 second address: 73A8B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A8B2 second address: 73A8C4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007EFF192B60E8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A8C4 second address: 73A8F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007EFF192480C3h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A8F4 second address: 73A906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebx 0x00000007 push eax 0x00000008 jng 00007EFF192B60F4h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73A906 second address: 73A90A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73B3F1 second address: 73B3F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73B3F8 second address: 73B3FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73B3FE second address: 73B402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73B402 second address: 73B406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73B406 second address: 73B461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007EFF192B60EEh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007EFF192B60E8h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1F10h], edx 0x0000002f push 00000000h 0x00000031 xor esi, dword ptr [ebp+122D5E12h] 0x00000037 push 00000000h 0x00000039 mov edi, dword ptr [ebp+122D2DFDh] 0x0000003f xchg eax, ebx 0x00000040 pushad 0x00000041 js 00007EFF192B60ECh 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73B461 second address: 73B478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007EFF192480B8h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007EFF192480BCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73BC48 second address: 73BC60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73CE2E second address: 73CE34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73D98B second address: 73D991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73D991 second address: 73D9CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+122D2959h], edi 0x00000011 push 00000000h 0x00000013 mov esi, 28186B0Fh 0x00000018 push 00000000h 0x0000001a add dword ptr [ebp+122D2B2Dh], esi 0x00000020 xchg eax, ebx 0x00000021 pushad 0x00000022 jns 00007EFF192480B8h 0x00000028 push eax 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b pop eax 0x0000002c popad 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 jnc 00007EFF192480B6h 0x00000038 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73D9CB second address: 73D9D1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73E355 second address: 73E359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73E359 second address: 73E3E6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007EFF192B60E8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D1FFCh], ebx 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ecx 0x00000033 call 00007EFF192B60E8h 0x00000038 pop ecx 0x00000039 mov dword ptr [esp+04h], ecx 0x0000003d add dword ptr [esp+04h], 00000019h 0x00000045 inc ecx 0x00000046 push ecx 0x00000047 ret 0x00000048 pop ecx 0x00000049 ret 0x0000004a or esi, dword ptr [ebp+122D2E4Dh] 0x00000050 mov si, di 0x00000053 jc 00007EFF192B60EEh 0x00000059 push edx 0x0000005a ja 00007EFF192B60E6h 0x00000060 pop edi 0x00000061 push 00000000h 0x00000063 mov esi, dword ptr [ebp+122D2B13h] 0x00000069 xchg eax, ebx 0x0000006a jmp 00007EFF192B60EFh 0x0000006f push eax 0x00000070 pushad 0x00000071 jns 00007EFF192B60ECh 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73E3E6 second address: 73E3EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73E3EE second address: 73E3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73EE8A second address: 73EEE8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007EFF192480B8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 pushad 0x00000029 je 00007EFF192480B9h 0x0000002f movsx ecx, dx 0x00000032 pushad 0x00000033 mov edi, dword ptr [ebp+122D2650h] 0x00000039 and di, 5F49h 0x0000003e popad 0x0000003f popad 0x00000040 push 00000000h 0x00000042 mov dword ptr [ebp+124711A1h], ebx 0x00000048 push 00000000h 0x0000004a mov esi, 1342C22Ah 0x0000004f xchg eax, ebx 0x00000050 pushad 0x00000051 pushad 0x00000052 pushad 0x00000053 popad 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73EEE8 second address: 73EEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73EEF0 second address: 73EF01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a js 00007EFF192480B6h 0x00000010 pop ecx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7404D1 second address: 7404D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 742E1B second address: 742E38 instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFF192480BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jns 00007EFF192480B6h 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 742E38 second address: 742E42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007EFF192B60E6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 742E42 second address: 742E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 743E24 second address: 743E28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7420DD second address: 7420F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7420F0 second address: 7420F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 744DEE second address: 744DF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7420F6 second address: 74219C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60EDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e call 00007EFF192B60F5h 0x00000013 cmc 0x00000014 pop ebx 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007EFF192B60E8h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 movzx edi, cx 0x00000039 mov dword ptr [ebp+1244A564h], ecx 0x0000003f mov dword ptr fs:[00000000h], esp 0x00000046 movsx edi, cx 0x00000049 mov eax, dword ptr [ebp+122D0B7Dh] 0x0000004f push 00000000h 0x00000051 push eax 0x00000052 call 00007EFF192B60E8h 0x00000057 pop eax 0x00000058 mov dword ptr [esp+04h], eax 0x0000005c add dword ptr [esp+04h], 0000001Ah 0x00000064 inc eax 0x00000065 push eax 0x00000066 ret 0x00000067 pop eax 0x00000068 ret 0x00000069 js 00007EFF192B60ECh 0x0000006f sbb edi, 4AECE245h 0x00000075 push FFFFFFFFh 0x00000077 mov dword ptr [ebp+122D2469h], eax 0x0000007d push eax 0x0000007e push ecx 0x0000007f push eax 0x00000080 push edx 0x00000081 pushad 0x00000082 popad 0x00000083 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 744DF2 second address: 744E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007EFF192480B6h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 743FB5 second address: 74404E instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192B60E8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D1CA2h], edx 0x00000015 mov ebx, dword ptr [ebp+122D33AFh] 0x0000001b push dword ptr fs:[00000000h] 0x00000022 mov di, cx 0x00000025 mov edi, 18EA05BBh 0x0000002a mov dword ptr fs:[00000000h], esp 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007EFF192B60E8h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b add dword ptr [ebp+122D266Dh], edi 0x00000051 mov eax, dword ptr [ebp+122D1015h] 0x00000057 push 00000000h 0x00000059 push eax 0x0000005a call 00007EFF192B60E8h 0x0000005f pop eax 0x00000060 mov dword ptr [esp+04h], eax 0x00000064 add dword ptr [esp+04h], 00000018h 0x0000006c inc eax 0x0000006d push eax 0x0000006e ret 0x0000006f pop eax 0x00000070 ret 0x00000071 add dword ptr [ebp+1244BC44h], eax 0x00000077 push FFFFFFFFh 0x00000079 add edi, 1144499Ah 0x0000007f adc ebx, 50CDC53Ah 0x00000085 push eax 0x00000086 pushad 0x00000087 push eax 0x00000088 push edx 0x00000089 jne 00007EFF192B60E6h 0x0000008f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74404E second address: 74405B instructions: 0x00000000 rdtsc 0x00000002 je 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 744F5F second address: 744F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 746E78 second address: 746E82 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 744F63 second address: 744F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 746FDE second address: 746FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 746FE2 second address: 746FE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 749064 second address: 749133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007EFF192480C5h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007EFF192480B8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov ebx, dword ptr [ebp+122D2DB1h] 0x0000002e jmp 00007EFF192480BEh 0x00000033 push dword ptr fs:[00000000h] 0x0000003a call 00007EFF192480BCh 0x0000003f mov di, D311h 0x00000043 pop ebx 0x00000044 add edi, dword ptr [ebp+122D2E9Dh] 0x0000004a mov dword ptr fs:[00000000h], esp 0x00000051 push 00000000h 0x00000053 push ebx 0x00000054 call 00007EFF192480B8h 0x00000059 pop ebx 0x0000005a mov dword ptr [esp+04h], ebx 0x0000005e add dword ptr [esp+04h], 00000016h 0x00000066 inc ebx 0x00000067 push ebx 0x00000068 ret 0x00000069 pop ebx 0x0000006a ret 0x0000006b or dword ptr [ebp+122D1CD0h], eax 0x00000071 mov eax, dword ptr [ebp+122D06C9h] 0x00000077 jmp 00007EFF192480BAh 0x0000007c push FFFFFFFFh 0x0000007e jnc 00007EFF192480BCh 0x00000084 push eax 0x00000085 pushad 0x00000086 push eax 0x00000087 push edx 0x00000088 jmp 00007EFF192480C2h 0x0000008d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 749133 second address: 749145 instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007EFF192B60ECh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74D6E7 second address: 74D6F1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFF192480BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74D6F1 second address: 74D748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jp 00007EFF192B60EEh 0x0000000d push ebx 0x0000000e jbe 00007EFF192B60E6h 0x00000014 pop ebx 0x00000015 nop 0x00000016 add bl, FFFFFFDFh 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007EFF192B60E8h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 mov di, F726h 0x00000039 jbe 00007EFF192B60ECh 0x0000003f mov edi, dword ptr [ebp+1244A580h] 0x00000045 push 00000000h 0x00000047 xor dword ptr [ebp+122D26F7h], eax 0x0000004d xchg eax, esi 0x0000004e push edx 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74D748 second address: 74D74E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74E7CD second address: 74E7D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74E7D1 second address: 74E7E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007EFF192480B6h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74E7E2 second address: 74E7E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74F759 second address: 74F7EE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007EFF192480C9h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007EFF192480B8h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c xor bx, BCE8h 0x00000031 jns 00007EFF192480C9h 0x00000037 push edx 0x00000038 jmp 00007EFF192480C1h 0x0000003d pop ebx 0x0000003e push 00000000h 0x00000040 mov bx, cx 0x00000043 push 00000000h 0x00000045 jne 00007EFF192480BCh 0x0000004b or dword ptr [ebp+122D3A3Ch], edi 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007EFF192480C9h 0x00000059 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74D883 second address: 74D926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 mov ebx, dword ptr [ebp+122D2680h] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007EFF192B60E8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 sbb bx, 39AFh 0x0000003c movzx ebx, cx 0x0000003f mov eax, dword ptr [ebp+122D09FDh] 0x00000045 mov bl, 5Ah 0x00000047 push FFFFFFFFh 0x00000049 push 00000000h 0x0000004b push edx 0x0000004c call 00007EFF192B60E8h 0x00000051 pop edx 0x00000052 mov dword ptr [esp+04h], edx 0x00000056 add dword ptr [esp+04h], 00000014h 0x0000005e inc edx 0x0000005f push edx 0x00000060 ret 0x00000061 pop edx 0x00000062 ret 0x00000063 pushad 0x00000064 mov esi, dword ptr [ebp+1245C7BDh] 0x0000006a mov ecx, dword ptr [ebp+122D2BF1h] 0x00000070 popad 0x00000071 nop 0x00000072 jmp 00007EFF192B60F9h 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007EFF192B60EDh 0x0000007f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 750859 second address: 75085E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7508F8 second address: 750902 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007EFF192B60E6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74F985 second address: 74FA0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007EFF192480C3h 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 jg 00007EFF192480B8h 0x00000018 jmp 00007EFF192480BEh 0x0000001d popad 0x0000001e nop 0x0000001f push ecx 0x00000020 cmc 0x00000021 pop edi 0x00000022 push dword ptr fs:[00000000h] 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 call 00007EFF192480C7h 0x00000035 mov edi, dword ptr [ebp+122D2D05h] 0x0000003b pop edi 0x0000003c mov eax, dword ptr [ebp+122D1311h] 0x00000042 clc 0x00000043 mov dword ptr [ebp+1244A571h], ecx 0x00000049 push FFFFFFFFh 0x0000004b mov ebx, dword ptr [ebp+122D3D48h] 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push ecx 0x00000056 pop ecx 0x00000057 pop eax 0x00000058 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 750902 second address: 750913 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 74FA0D second address: 74FA12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 751925 second address: 75192F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007EFF192B60E6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 750B17 second address: 750B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 750B1B second address: 750B1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 752BFC second address: 752C06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007EFF192480B6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 752C06 second address: 752C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 757C33 second address: 757C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 75AAD7 second address: 75AADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 75AADB second address: 75AADF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 761763 second address: 761769 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 761769 second address: 76176D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 761885 second address: 76188B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 766755 second address: 76676A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 76676A second address: 766770 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FBD13 second address: 6FBD1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007EFF192480B6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765435 second address: 76543B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 76543B second address: 765441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765441 second address: 765447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765447 second address: 765478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 pushad 0x0000000a jmp 00007EFF192480BFh 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jmp 00007EFF192480BEh 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765478 second address: 765494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60ECh 0x00000007 jl 00007EFF192B60E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765494 second address: 76549E instructions: 0x00000000 rdtsc 0x00000002 jp 00007EFF192480B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 76549E second address: 7654B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F0h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765C19 second address: 765C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765C1F second address: 765C23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765C23 second address: 765C44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 765EB7 second address: 765EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7662E1 second address: 766302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007EFF192480C5h 0x0000000d popad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 76D882 second address: 76D88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007EFF192B60E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 76D88E second address: 76D893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 773345 second address: 773349 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 773349 second address: 77334D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77334D second address: 773353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 773353 second address: 773394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 jbe 00007EFF192480B8h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007EFF192480BFh 0x00000016 jl 00007EFF192480B6h 0x0000001c jmp 00007EFF192480C9h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 772039 second address: 77203F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77203F second address: 772044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 772044 second address: 772049 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 772194 second address: 772198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 772B4F second address: 772B57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 772CB5 second address: 772CB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 772FD8 second address: 772FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007EFF192B60F7h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 772FF8 second address: 773014 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007EFF192480C0h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 773014 second address: 77303C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007EFF192B60ECh 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77303C second address: 773040 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 777CEF second address: 777D0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007EFF192B60EAh 0x0000000e jl 00007EFF192B60E6h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 777D0B second address: 777D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480C6h 0x00000009 jne 00007EFF192480B6h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776A41 second address: 776A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60F8h 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776A5E second address: 776A78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C5h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 738AAC second address: 59402A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 nop 0x00000009 mov cx, A3E6h 0x0000000d push dword ptr [ebp+122D1089h] 0x00000013 xor dword ptr [ebp+122D28F6h], edx 0x00000019 call dword ptr [ebp+122D1D19h] 0x0000001f pushad 0x00000020 jmp 00007EFF192B60F2h 0x00000025 or dword ptr [ebp+122D250Bh], ecx 0x0000002b xor eax, eax 0x0000002d mov dword ptr [ebp+122D250Bh], ebx 0x00000033 jmp 00007EFF192B60F0h 0x00000038 mov edx, dword ptr [esp+28h] 0x0000003c pushad 0x0000003d mov di, ax 0x00000040 xor dword ptr [ebp+122D250Bh], edi 0x00000046 popad 0x00000047 mov dword ptr [ebp+122D2CC5h], eax 0x0000004d jmp 00007EFF192B60EAh 0x00000052 or dword ptr [ebp+122D296Dh], ebx 0x00000058 mov esi, 0000003Ch 0x0000005d mov dword ptr [ebp+122D1D6Bh], edi 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 jno 00007EFF192B60F4h 0x0000006d lodsw 0x0000006f pushad 0x00000070 mov bl, ch 0x00000072 jmp 00007EFF192B60EDh 0x00000077 popad 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c cld 0x0000007d mov ebx, dword ptr [esp+24h] 0x00000081 or dword ptr [ebp+122D250Bh], ecx 0x00000087 pushad 0x00000088 mov ebx, dword ptr [ebp+122D2F01h] 0x0000008e mov ecx, eax 0x00000090 popad 0x00000091 nop 0x00000092 jmp 00007EFF192B60F6h 0x00000097 push eax 0x00000098 push eax 0x00000099 push edx 0x0000009a jmp 00007EFF192B60EFh 0x0000009f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 738BBF second address: 738BC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 738C6C second address: 738CC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007EFF192B60E6h 0x00000009 jl 00007EFF192B60E6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xor dword ptr [esp], 756102ADh 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007EFF192B60E8h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 push 5833BB48h 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007EFF192B60F9h 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 738FC8 second address: 738FD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7390E9 second address: 73912F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov edx, edi 0x00000015 push 00000004h 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007EFF192B60E8h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 mov dword ptr [ebp+122D1D54h], edi 0x00000037 push eax 0x00000038 pushad 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 739485 second address: 7394AE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFF192480B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007EFF192480C8h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7394AE second address: 7394B4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FA267 second address: 6FA26D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FA26D second address: 6FA271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 6FA271 second address: 6FA29F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007EFF192480C1h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776D2E second address: 776D44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFF192B60F1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776D44 second address: 776D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007EFF192480BDh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776F0F second address: 776F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776F13 second address: 776F1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776F1B second address: 776F25 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFF192B60EEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 776F25 second address: 776F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 jmp 00007EFF192480BAh 0x0000000c ja 00007EFF192480B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7770B1 second address: 7770C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60F4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7770C9 second address: 7770CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 777200 second address: 777208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 777208 second address: 77720E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77720E second address: 777217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7773AD second address: 7773B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7773B1 second address: 7773B7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7773B7 second address: 7773C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7773C2 second address: 7773C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77768D second address: 7776A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C3h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7776A4 second address: 7776D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007EFF192B60F3h 0x0000000c pop edx 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007EFF192B60F7h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 777821 second address: 777825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 777825 second address: 77783B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77D58E second address: 77D5A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push edi 0x0000000a jnp 00007EFF192480C2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77DE15 second address: 77DE1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77DE1B second address: 77DE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 77DE1F second address: 77DE23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7811D9 second address: 7811DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7811DD second address: 781206 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007EFF192B60ECh 0x00000010 jmp 00007EFF192B60F1h 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7830DE second address: 7830E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 785067 second address: 78506C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 78506C second address: 785088 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFF192480CEh 0x00000008 jmp 00007EFF192480C2h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 78521F second address: 785252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 jmp 00007EFF192B60ECh 0x0000000b pop edi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007EFF192B60E6h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007EFF192B60F0h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 785252 second address: 785263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480BCh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 788E86 second address: 788EA6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007EFF192B60F7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 788EA6 second address: 788EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 788EAC second address: 788EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 788EB1 second address: 788EB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 788EB7 second address: 788ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60EFh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 788ECA second address: 788EDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007EFF192480D2h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 78919A second address: 78919E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 78919E second address: 7891D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007EFF192480C9h 0x0000000b jmp 00007EFF192480C0h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7891D3 second address: 7891E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jmp 00007EFF192B60ECh 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7891E6 second address: 7891FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480BFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7891FB second address: 7891FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7891FF second address: 789203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 789203 second address: 789209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 78AA95 second address: 78AAB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007EFF192480C3h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 700ECD second address: 700EDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007EFF192B60E6h 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 700EDA second address: 700F05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C6h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b jmp 00007EFF192480BFh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 700F05 second address: 700F09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 78C043 second address: 78C047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 791D18 second address: 791D1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 791D1D second address: 791D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480BCh 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFF192480C4h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7909CD second address: 7909D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7909D1 second address: 7909DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7909DB second address: 7909FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007EFF192B60E6h 0x0000000a jmp 00007EFF192B60F5h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7909FA second address: 790A17 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFF192480B6h 0x00000008 jc 00007EFF192480B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007EFF192480BBh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 790B68 second address: 790B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79698E second address: 7969C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007EFF192480B6h 0x0000000a jp 00007EFF192480B6h 0x00000010 popad 0x00000011 pushad 0x00000012 jno 00007EFF192480B6h 0x00000018 je 00007EFF192480B6h 0x0000001e pushad 0x0000001f popad 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 pushad 0x00000024 jc 00007EFF192480B6h 0x0000002a jne 00007EFF192480B6h 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 795F0A second address: 795F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007EFF192B60E6h 0x0000000a pop ebx 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jg 00007EFF192B60E6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 795F25 second address: 795F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 796090 second address: 796096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79F077 second address: 79F07B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79CEE3 second address: 79CF0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60EDh 0x00000009 jmp 00007EFF192B60F4h 0x0000000e popad 0x0000000f push ecx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79D1C2 second address: 79D201 instructions: 0x00000000 rdtsc 0x00000002 jl 00007EFF192480B6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007EFF192480C5h 0x00000018 jmp 00007EFF192480C5h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79D201 second address: 79D21E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jc 00007EFF192B60FFh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007EFF192B60EDh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79D81B second address: 79D82B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79D82B second address: 79D830 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79D830 second address: 79D84D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C7h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79D84D second address: 79D864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007EFF192B60E8h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79DB67 second address: 79DB70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79DB70 second address: 79DB79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79DB79 second address: 79DB99 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 jnc 00007EFF192480C5h 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79DEA7 second address: 79DEAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79E15E second address: 79E162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79E6CF second address: 79E72A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFF192B60EDh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007EFF192B60EAh 0x0000000f jmp 00007EFF192B60ECh 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007EFF192B60F9h 0x0000001f jmp 00007EFF192B60F3h 0x00000024 popad 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 79EA37 second address: 79EA3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A060F second address: 7A0616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A39E8 second address: 7A39EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A39EE second address: 7A39F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A39F2 second address: 7A39F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A39F6 second address: 7A3A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007EFF192B60E6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A3B5B second address: 7A3B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A3B5F second address: 7A3B84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60F6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A3E4F second address: 7A3E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480BAh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A3E5D second address: 7A3E80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007EFF192B60E6h 0x0000000e jmp 00007EFF192B60F5h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A3FFB second address: 7A4007 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A4007 second address: 7A400D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A400D second address: 7A4013 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A4013 second address: 7A401C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A4183 second address: 7A4187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A4187 second address: 7A419D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007EFF192B60F0h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A419D second address: 7A41AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007EFF192480B6h 0x00000009 jnp 00007EFF192480B6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A4476 second address: 7A447C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A447C second address: 7A4496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jmp 00007EFF192480BFh 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7A4496 second address: 7A449A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AF95D second address: 7AF9B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jc 00007EFF192480B6h 0x00000014 jl 00007EFF192480B6h 0x0000001a jmp 00007EFF192480C1h 0x0000001f popad 0x00000020 pushad 0x00000021 jmp 00007EFF192480C0h 0x00000026 jmp 00007EFF192480C9h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AF9B5 second address: 7AF9C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007EFF192B60F2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AF9C2 second address: 7AF9C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AFAF5 second address: 7AFB0A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007EFF192B60E6h 0x0000000d jbe 00007EFF192B60E6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AFC89 second address: 7AFC91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AFDD5 second address: 7AFDE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AFF63 second address: 7AFF76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007EFF192480B6h 0x0000000a pop ebx 0x0000000b jo 00007EFF192480CBh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AFF76 second address: 7AFF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192B60EFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007EFF192B60E8h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AFF94 second address: 7AFFAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480C0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AFFAA second address: 7AFFAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7B011C second address: 7B0126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7B0902 second address: 7B0906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7B1001 second address: 7B1005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7B1005 second address: 7B100A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7AEE50 second address: 7AEE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7B8279 second address: 7B8297 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007EFF192B60E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007EFF192B60F1h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7B856B second address: 7B856F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7B856F second address: 7B8573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7BBFEF second address: 7BC002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480BFh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7BC002 second address: 7BC092 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60EBh 0x00000007 jmp 00007EFF192B60F3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007EFF192B60F7h 0x00000014 pop eax 0x00000015 pushad 0x00000016 jng 00007EFF192B60E6h 0x0000001c jmp 00007EFF192B60F1h 0x00000021 popad 0x00000022 jmp 00007EFF192B60F6h 0x00000027 popad 0x00000028 pushad 0x00000029 push eax 0x0000002a push esi 0x0000002b pop esi 0x0000002c jg 00007EFF192B60E6h 0x00000032 pop eax 0x00000033 jmp 00007EFF192B60EAh 0x00000038 jmp 00007EFF192B60EDh 0x0000003d push edi 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7C6885 second address: 7C689E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007EFF192480C1h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7C6431 second address: 7C6464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007EFF192B60F3h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7C6464 second address: 7C6468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7C6468 second address: 7C646C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7CD3F3 second address: 7CD3F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7CD3F8 second address: 7CD3FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7CD3FE second address: 7CD404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7D1EA6 second address: 7D1EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007EFF192B60E6h 0x0000000a push edi 0x0000000b jmp 00007EFF192B60F6h 0x00000010 pop edi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7D9150 second address: 7D917E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007EFF192480C0h 0x0000000a pop edx 0x0000000b jnp 00007EFF192480E2h 0x00000011 pushad 0x00000012 jmp 00007EFF192480BFh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBD03 second address: 7DBD11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jng 00007EFF192B60E8h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB4D second address: 7DBB55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB55 second address: 7DBB59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB59 second address: 7DBB5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB5D second address: 7DBB6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB6B second address: 7DBB6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB6F second address: 7DBB73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB73 second address: 7DBB80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB80 second address: 7DBB9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 jmp 00007EFF192B60F6h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBB9F second address: 7DBBA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBBA7 second address: 7DBBAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DBBAB second address: 7DBBBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DFA2F second address: 7DFA3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 je 00007EFF192B60F4h 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7DFA3E second address: 7DFA44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E4E46 second address: 7E4E51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E4E51 second address: 7E4E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E4E59 second address: 7E4E5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E4FDA second address: 7E4FE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E52A6 second address: 7E52AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E52AA second address: 7E52BA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFF192480B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E52BA second address: 7E52BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E58BE second address: 7E58DC instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFF192480BEh 0x00000008 pushad 0x00000009 popad 0x0000000a jnc 00007EFF192480B6h 0x00000010 jno 00007EFF192480C2h 0x00000016 je 00007EFF192480B6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7E62DF second address: 7E631C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a jo 00007EFF192B611Ch 0x00000010 pushad 0x00000011 jmp 00007EFF192B60F1h 0x00000016 jmp 00007EFF192B60EEh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7EB011 second address: 7EB015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7EACC0 second address: 7EACCA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007EFF192B60E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7F8759 second address: 7F875F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7FAB0A second address: 7FAB15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007EFF192B60E6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7FEB17 second address: 7FEB26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480BAh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7FEB26 second address: 7FEB7C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007EFF192B60F5h 0x00000012 jmp 00007EFF192B60EFh 0x00000017 jmp 00007EFF192B60EFh 0x0000001c popad 0x0000001d pushad 0x0000001e jns 00007EFF192B60E6h 0x00000024 jc 00007EFF192B60E6h 0x0000002a jno 00007EFF192B60E6h 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 7FEB7C second address: 7FEB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 821BC0 second address: 821BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 829408 second address: 82940D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8282B0 second address: 8282CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8282CF second address: 8282E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8282E4 second address: 8282FA instructions: 0x00000000 rdtsc 0x00000002 jo 00007EFF192B60E6h 0x00000008 js 00007EFF192B60E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8282FA second address: 8282FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8282FE second address: 828325 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60EBh 0x00000007 jmp 00007EFF192B60F3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push ecx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 828325 second address: 82832B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 82848A second address: 828496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007EFF192B60E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 828496 second address: 8284A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 8284A1 second address: 8284D0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFF192B60E6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d jbe 00007EFF192B611Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007EFF192B60F8h 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 828636 second address: 828647 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 828790 second address: 828799 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 828CDE second address: 828D04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007EFF192480CCh 0x0000000f jmp 00007EFF192480C0h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 828D04 second address: 828D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 828FC1 second address: 82900A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFF192480C7h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop eax 0x00000016 jmp 00007EFF192480C2h 0x0000001b pushad 0x0000001c push edi 0x0000001d pop edi 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 jc 00007EFF192480B6h 0x00000026 popad 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 82BCE8 second address: 82BCEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 82EEB2 second address: 82EECB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007EFF192480B6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 82EECB second address: 82EEE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60ECh 0x00000007 jl 00007EFF192B60E6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 82EEE4 second address: 82EEEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 82EEEE second address: 82EF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007EFF192B60EDh 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e push esi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 830DDD second address: 830DE6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5020BE3 second address: 5020C57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f jmp 00007EFF192B60EEh 0x00000014 test ecx, ecx 0x00000016 jmp 00007EFF192B60F0h 0x0000001b jns 00007EFF192B6135h 0x00000021 jmp 00007EFF192B60F0h 0x00000026 add eax, ecx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007EFF192B60F7h 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5020C57 second address: 5020C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFF192480C4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5020C6F second address: 5020C73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5020C73 second address: 5020CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax+00000860h] 0x0000000e pushad 0x0000000f mov edi, 198B95A0h 0x00000014 pushfd 0x00000015 jmp 00007EFF192480C9h 0x0000001a and cx, 1CA6h 0x0000001f jmp 00007EFF192480C1h 0x00000024 popfd 0x00000025 popad 0x00000026 test eax, eax 0x00000028 pushad 0x00000029 mov edi, ecx 0x0000002b call 00007EFF192480C8h 0x00000030 mov ch, CCh 0x00000032 pop edx 0x00000033 popad 0x00000034 je 00007EFF89E1E13Bh 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007EFF192480C9h 0x00000041 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 73CAD2 second address: 73CAD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5040049 second address: 50400AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007EFF192480C7h 0x00000009 or ax, 26CEh 0x0000000e jmp 00007EFF192480C9h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007EFF192480C0h 0x0000001a sub ch, 00000048h 0x0000001d jmp 00007EFF192480BBh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 xchg eax, ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50400AD second address: 50400C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192B60F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50400C8 second address: 5040118 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFF192480C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007EFF192480BEh 0x00000010 mov edx, dword ptr [ebp+0Ch] 0x00000013 pushad 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007EFF192480BCh 0x0000001b sbb ah, 00000068h 0x0000001e jmp 00007EFF192480BBh 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5040118 second address: 5040121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 5040121 second address: 5040125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |