Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_008450FA |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_0080D110 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_0080D110 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
0_2_008463B8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00845700 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
0_2_008499D0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h |
0_2_0084695B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
0_2_0080FCA0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
0_2_00810EEC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp ecx |
0_2_00846094 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov ecx, dword ptr [edx] |
0_2_00801000 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
0_2_00816F91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then dec ebx |
0_2_0083F030 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
0_2_00844040 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_0082D1E1 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_008142FC |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], dx |
0_2_00822260 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [esi], ax |
0_2_00822260 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_008323E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_008323E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_008323E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov byte ptr [edi], al |
0_2_008323E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
0_2_008323E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+14h] |
0_2_008323E0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov ebp, eax |
0_2_0080A300 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
0_2_008464B8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_0082E40C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
0_2_0081B410 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
0_2_00841440 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_0081D457 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
0_2_0082C470 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00829510 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh |
0_2_00847520 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00816536 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
0_2_0083B650 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_0082E66A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_0082D7AF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
0_2_008467EF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
0_2_00847710 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], dx |
0_2_008228E9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
0_2_008049A0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h |
0_2_00843920 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h |
0_2_0081D961 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_00811ACD |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_00811A3C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
0_2_00844A40 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
0_2_00805A50 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
0_2_00830B80 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
0_2_00813BE2 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
0_2_00811BEE |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
0_2_00849B60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] |
0_2_0081DB6F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h |
0_2_0081DB6F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_0082AC91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [edx], ax |
0_2_0082AC91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h |
0_2_0082CCD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_0082CCD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h |
0_2_0082CCD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00849CE0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh |
0_2_00849CE0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
0_2_00827C00 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh |
0_2_0083FC20 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h |
0_2_0082EC48 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00848D8A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh |
0_2_0082FD10 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
0_2_0082DD29 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
0_2_00811E93 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
0_2_00806EA0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ecx, word ptr [ebp+00h] |
0_2_0080BEB0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
0_2_00816EBF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov edi, ecx |
0_2_00814E2A |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then movzx ebx, word ptr [ecx] |
0_2_0082AE57 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [eax], cx |
0_2_00827E60 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00825E70 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
0_2_00816F91 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h |
0_2_00847FC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_00847FC0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp ecx |
0_2_00808FD0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp ecx |
0_2_00845FD6 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov word ptr [edx], 0000h |
0_2_0081FFDF |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then jmp eax |
0_2_00829F62 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
0_2_0083FF70 |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bathdoomgaz.store:443/api |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://clearancek.site:443/api5 |
Source: file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748115100.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749837386.00000000012CF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6& |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1& |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dissapoiznw.store:443/api |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://eaglepawnoy.store:443/api |
Source: file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://licendfilteo.site:443/apig5 |
Source: file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://spirittunek.store:443/api |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com |
Source: file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900F |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000002.1749886308.00000000012DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f |
Source: file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000002.1749802376.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748175798.00000000012CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1748278382.000000000128F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1749683516.000000000128F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://studennotediw.store:443/api94 |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1748258682.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748071835.0000000001318000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748115100.00000000012CE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.1748071835.0000000001311000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1748212239.00000000012DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 864413 second address: 864419 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 864419 second address: 86441D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DED7D second address: 9DED81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DED81 second address: 9DED85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DED85 second address: 9DED8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DEF2F second address: 9DEF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 jg 00007F3998DAA3D6h 0x0000000f jc 00007F3998DAA3D6h 0x00000015 popad 0x00000016 pop ebx 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F3998DAA3D8h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 mov dword ptr [ebp+122D3BC1h], edi 0x00000038 push 00000000h 0x0000003a or dx, A77Bh 0x0000003f push C95F40D4h 0x00000044 push ecx 0x00000045 push esi 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DEF7B second address: 9DF024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 add dword ptr [esp], 36A0BFACh 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F3998BCD1A8h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D268Ah], esi 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+122D1DCDh], ebx 0x00000035 push 00000000h 0x00000037 push 00000003h 0x00000039 push 00000000h 0x0000003b push esi 0x0000003c call 00007F3998BCD1A8h 0x00000041 pop esi 0x00000042 mov dword ptr [esp+04h], esi 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc esi 0x0000004f push esi 0x00000050 ret 0x00000051 pop esi 0x00000052 ret 0x00000053 push ED15ADDEh 0x00000058 jmp 00007F3998BCD1AFh 0x0000005d xor dword ptr [esp], 2D15ADDEh 0x00000064 xor esi, 690C5F5Ch 0x0000006a mov ecx, dword ptr [ebp+122D2BF8h] 0x00000070 lea ebx, dword ptr [ebp+1244EC7Dh] 0x00000076 mov esi, 70BA83C5h 0x0000007b xchg eax, ebx 0x0000007c push eax 0x0000007d push edx 0x0000007e pushad 0x0000007f jmp 00007F3998BCD1B6h 0x00000084 push edx 0x00000085 pop edx 0x00000086 popad 0x00000087 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DF024 second address: 9DF042 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3998DAA3D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jnc 00007F3998DAA3DCh 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DF09C second address: 9DF0BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e jno 00007F3998BCD1A6h 0x00000014 pop eax 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DF0BF second address: 9DF0C4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DF179 second address: 9DF17D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DF17D second address: 9DF1AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F3998DAA3D8h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f add dword ptr [esp], 715938E9h 0x00000016 mov dword ptr [ebp+122D2A1Ah], esi 0x0000001c lea ebx, dword ptr [ebp+1244EC88h] 0x00000022 mov dword ptr [ebp+122D23AAh], edi 0x00000028 xchg eax, ebx 0x00000029 pushad 0x0000002a push esi 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9DF1AA second address: 9DF1CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F3998BCD1AFh 0x0000000a popad 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3998BCD1ABh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FDA40 second address: 9FDA4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FDA4B second address: 9FDA4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FDA4F second address: 9FDA5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FDBC3 second address: 9FDBCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FDEE2 second address: 9FDEF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F3998DAA3DCh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FDEF3 second address: 9FDEF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FDEF9 second address: 9FDF0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998DAA3E2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FE090 second address: 9FE096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FE35C second address: 9FE3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998DAA3DCh 0x00000009 jnl 00007F3998DAA3DCh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3998DAA3E4h 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007F3998DAA3E4h 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FE3A9 second address: 9FE3CF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F3998BCD1B3h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3998BCD1ABh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FEAAB second address: 9FEAC4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F3998DAA3E3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FEDC4 second address: 9FEDD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F3998BCD1A6h 0x0000000a jl 00007F3998BCD1A6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FEDD9 second address: 9FEDDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9FEDDD second address: 9FEDE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A06D7E second address: A06D82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A06D82 second address: A06D88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A06D88 second address: A06DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3998DAA3E3h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9D41F1 second address: 9D4210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push ebx 0x00000008 jmp 00007F3998BCD1B0h 0x0000000d jns 00007F3998BCD1A6h 0x00000013 pop ebx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0BA4E second address: A0BA55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0BBB7 second address: A0BBCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F3998BCD1B0h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0BBCD second address: A0BBEC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3998DAA3D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3998DAA3E3h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0BBEC second address: A0BBF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0BBF0 second address: A0BC29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F3998DAA3E2h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 jmp 00007F3998DAA3E9h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0BDA1 second address: A0BDA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0C1A1 second address: A0C1A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0D36B second address: A0D3BD instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F3998BCD1B1h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F3998BCD1B0h 0x00000019 mov eax, dword ptr [eax] 0x0000001b push edi 0x0000001c push edi 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f pop edi 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F3998BCD1B2h 0x0000002e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0D3BD second address: A0D3D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998DAA3E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0D3D2 second address: A0D3E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3998BCD1B3h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0D3E9 second address: A0D3ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0D3ED second address: A0D427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F3998BCD1A8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov edi, dword ptr [ebp+122D2427h] 0x00000029 push E3A59848h 0x0000002e push eax 0x0000002f push edx 0x00000030 jbe 00007F3998BCD1A8h 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0D72E second address: A0D734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0D734 second address: A0D738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0DFE9 second address: A0E003 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3998DAA3DCh 0x00000008 jc 00007F3998DAA3D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F3998DAA3D6h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0E4C6 second address: A0E4CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0E604 second address: A0E628 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnl 00007F3998DAA3D6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F3998DAA3E4h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0E628 second address: A0E65A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b nop 0x0000000c mov dword ptr [ebp+1244D814h], esi 0x00000012 call 00007F3998BCD1B2h 0x00000017 mov dword ptr [ebp+124777D6h], ecx 0x0000001d pop edi 0x0000001e xchg eax, ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 push ebx 0x00000022 pushad 0x00000023 popad 0x00000024 pop ebx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0E65A second address: A0E65F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0EBB9 second address: A0EBC3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0EBC3 second address: A0EBE2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3998DAA3DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F3998DAA3E2h 0x00000011 jp 00007F3998DAA3DCh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A0F632 second address: A0F643 instructions: 0x00000000 rdtsc 0x00000002 js 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop ecx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1072F second address: A10735 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1112D second address: A11131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A10F13 second address: A10F19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A11BDB second address: A11BF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A11BF7 second address: A11C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A11C00 second address: A11C39 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov dword ptr [ebp+1244FB61h], ebx 0x00000012 push 00000000h 0x00000014 mov si, dx 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+122D2904h], ecx 0x0000001f mov esi, eax 0x00000021 xchg eax, ebx 0x00000022 push esi 0x00000023 pushad 0x00000024 push eax 0x00000025 pop eax 0x00000026 jc 00007F3998BCD1A6h 0x0000002c popad 0x0000002d pop esi 0x0000002e push eax 0x0000002f je 00007F3998BCD1B8h 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A11C39 second address: A11C3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A14A12 second address: A14AC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F3998BCD1B5h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D299Ch], esi 0x00000014 mov di, si 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007F3998BCD1A8h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 add esi, 148895FEh 0x00000039 stc 0x0000003a jnc 00007F3998BCD1BAh 0x00000040 call 00007F3998BCD1ADh 0x00000045 mov esi, dword ptr [ebp+122D2ED0h] 0x0000004b pop esi 0x0000004c push 00000000h 0x0000004e push 00000000h 0x00000050 push ebp 0x00000051 call 00007F3998BCD1A8h 0x00000056 pop ebp 0x00000057 mov dword ptr [esp+04h], ebp 0x0000005b add dword ptr [esp+04h], 0000001Bh 0x00000063 inc ebp 0x00000064 push ebp 0x00000065 ret 0x00000066 pop ebp 0x00000067 ret 0x00000068 xchg eax, ebx 0x00000069 jno 00007F3998BCD1BDh 0x0000006f push eax 0x00000070 push esi 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 pop eax 0x00000075 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9D2647 second address: 9D2667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998DAA3E5h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9D2667 second address: 9D266B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9D266B second address: 9D268C instructions: 0x00000000 rdtsc 0x00000002 js 00007F3998DAA3D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3998DAA3DFh 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9D268C second address: 9D26A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3998BCD1B1h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9D26A8 second address: 9D26ED instructions: 0x00000000 rdtsc 0x00000002 js 00007F3998DAA3FFh 0x00000008 jmp 00007F3998DAA3E5h 0x0000000d jmp 00007F3998DAA3E4h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F3998DAA3E2h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9CEF3A second address: 9CEF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1C8BE second address: A1C8C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1C8C8 second address: A1C8CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1E3FA second address: A1E3FF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1F0AD second address: A1F0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A20127 second address: A20132 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F3998DAA3D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A23F5A second address: A23F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A23F5E second address: A23F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2311E second address: A231C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3998BCD1B0h 0x00000008 jmp 00007F3998BCD1B1h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 mov di, cx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d pushad 0x0000001e mov cx, 2F77h 0x00000022 jmp 00007F3998BCD1B1h 0x00000027 popad 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f jnp 00007F3998BCD1ACh 0x00000035 push edi 0x00000036 add bx, A95Dh 0x0000003b pop edi 0x0000003c mov eax, dword ptr [ebp+122D0309h] 0x00000042 sub dword ptr [ebp+1245817Bh], edx 0x00000048 mov dword ptr [ebp+122D2294h], esi 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push edi 0x00000053 call 00007F3998BCD1A8h 0x00000058 pop edi 0x00000059 mov dword ptr [esp+04h], edi 0x0000005d add dword ptr [esp+04h], 00000016h 0x00000065 inc edi 0x00000066 push edi 0x00000067 ret 0x00000068 pop edi 0x00000069 ret 0x0000006a js 00007F3998BCD1ACh 0x00000070 jbe 00007F3998BCD1A6h 0x00000076 nop 0x00000077 push ebx 0x00000078 push eax 0x00000079 push edx 0x0000007a pushad 0x0000007b popad 0x0000007c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A23F64 second address: A23FD7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jbe 00007F3998DAA3EBh 0x0000000f jmp 00007F3998DAA3E5h 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F3998DAA3D8h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f push 00000000h 0x00000031 jnp 00007F3998DAA3D7h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007F3998DAA3D8h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 00000014h 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 xchg eax, esi 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 popad 0x00000059 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A25018 second address: A2501C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2501C second address: A25022 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A240E6 second address: A240EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A26117 second address: A26199 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3998DAA3D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007F3998DAA3D6h 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 jmp 00007F3998DAA3DEh 0x0000001b nop 0x0000001c sbb bh, 0000002Eh 0x0000001f jo 00007F3998DAA3DAh 0x00000025 mov bx, F692h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F3998DAA3D8h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 0000001Bh 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 push 00000000h 0x00000047 push 00000000h 0x00000049 push ebx 0x0000004a call 00007F3998DAA3D8h 0x0000004f pop ebx 0x00000050 mov dword ptr [esp+04h], ebx 0x00000054 add dword ptr [esp+04h], 0000001Bh 0x0000005c inc ebx 0x0000005d push ebx 0x0000005e ret 0x0000005f pop ebx 0x00000060 ret 0x00000061 xchg eax, esi 0x00000062 push ebx 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 popad 0x00000067 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A26199 second address: A261B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F3998BCD1B3h 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A252A4 second address: A252A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A274CB second address: A274D1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A28443 second address: A2844D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F3998DAA3D6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2844D second address: A28451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A293AB second address: A293B5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F3998DAA3D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A285D5 second address: A285DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A285DA second address: A285E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2953A second address: A2953E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2B28D second address: A2B291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2953E second address: A29544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A29544 second address: A2954A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2B291 second address: A2B317 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a pushad 0x0000000b jmp 00007F3998BCD1ADh 0x00000010 or esi, 2E9B17EAh 0x00000016 popad 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007F3998BCD1A8h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 mov di, 07D6h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push esi 0x0000003c call 00007F3998BCD1A8h 0x00000041 pop esi 0x00000042 mov dword ptr [esp+04h], esi 0x00000046 add dword ptr [esp+04h], 0000001Ah 0x0000004e inc esi 0x0000004f push esi 0x00000050 ret 0x00000051 pop esi 0x00000052 ret 0x00000053 mov bl, BCh 0x00000055 xchg eax, esi 0x00000056 pushad 0x00000057 jnp 00007F3998BCD1ACh 0x0000005d push eax 0x0000005e push edx 0x0000005f js 00007F3998BCD1A6h 0x00000065 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2C316 second address: A2C324 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2B4A1 second address: A2B4B8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 js 00007F3998BCD1A6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jng 00007F3998BCD1B4h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2C324 second address: A2C3C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F3998DAA3D8h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F3998DAA3D8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D299Ch], esi 0x00000030 mov ebx, dword ptr [ebp+122D2973h] 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edi 0x0000003b call 00007F3998DAA3D8h 0x00000040 pop edi 0x00000041 mov dword ptr [esp+04h], edi 0x00000045 add dword ptr [esp+04h], 00000019h 0x0000004d inc edi 0x0000004e push edi 0x0000004f ret 0x00000050 pop edi 0x00000051 ret 0x00000052 mov edi, dword ptr [ebp+12475DD0h] 0x00000058 push 00000000h 0x0000005a pushad 0x0000005b mov ax, si 0x0000005e xor dword ptr [ebp+122D277Fh], edx 0x00000064 popad 0x00000065 xchg eax, esi 0x00000066 pushad 0x00000067 jmp 00007F3998DAA3E2h 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F3998DAA3E7h 0x00000073 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2E550 second address: A2E55A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A2E55A second address: A2E560 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A351B7 second address: A351BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A351BD second address: A351C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop esi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A351C6 second address: A351D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F3998BCD1A6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A351D2 second address: A351D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34A74 second address: A34AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F3998BCD1B2h 0x0000000a popad 0x0000000b jnp 00007F3998BCD1D4h 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 jns 00007F3998BCD1A6h 0x0000001a jmp 00007F3998BCD1AEh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34AAB second address: A34AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34AB3 second address: A34AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34BBF second address: A34BCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34BCB second address: A34BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998BCD1AEh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34BDD second address: A34BE7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3998DAA3D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34BE7 second address: A34C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3998BCD1B9h 0x0000000c pushad 0x0000000d popad 0x0000000e jp 00007F3998BCD1A6h 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34C12 second address: A34C1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F3998DAA3D6h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A34C1E second address: A34C30 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F3998BCD1AEh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A392DA second address: A392DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A392DF second address: A392E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A392E5 second address: A392F7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3998DAA3D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A395C4 second address: A395CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A395CA second address: A395D4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3998DAA3DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A3DBE8 second address: A3DBF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A3DBF3 second address: A3DBF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A3DBF9 second address: A3DBFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A3EA4F second address: A3EA53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A3EA53 second address: A3EA5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A3EA5C second address: A3EA71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F3998DAA3D6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop esi 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A3ED68 second address: A3ED75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F3998BCD1A8h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A444A8 second address: A444B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jns 00007F3998DAA3D8h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A47019 second address: A47025 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F3998BCD1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4D4B1 second address: A4D4B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4D4B5 second address: A4D4C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F3998BCD1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4C195 second address: A4C1BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F3998DAA3DDh 0x00000011 jo 00007F3998DAA3D6h 0x00000017 jng 00007F3998DAA3D6h 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4C1BB second address: A4C1CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push esi 0x00000008 pop esi 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F3998BCD1A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4C1CF second address: A4C1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4C1D3 second address: A4C1D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4CBED second address: A4CC0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F3998DAA3E2h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4CEEC second address: A4CEF6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3998BCD1ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4BBB4 second address: A4BBB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4BBB9 second address: A4BBCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F3998BCD1ACh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4BBCE second address: A4BBD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A4BBD4 second address: A4BBD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A191F9 second address: A191FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A191FF second address: A19204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19204 second address: A1920A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1920A second address: A1920E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1920E second address: A1923E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c jbe 00007F3998DAA3DBh 0x00000012 mov eax, 55FF3E0Ah 0x00000017 adc dx, 45B2h 0x0000001c popad 0x0000001d lea eax, dword ptr [ebp+12488F5Fh] 0x00000023 mov ecx, dword ptr [ebp+1246C034h] 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1923E second address: A19242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19242 second address: A19246 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19246 second address: A1924C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A192FD second address: A19301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19301 second address: A19316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d jng 00007F3998BCD1ACh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A198A2 second address: A198A8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A198A8 second address: A198C5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F3998BCD1ACh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F3998BCD1A8h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19A0B second address: A19A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], esi 0x00000008 sub dword ptr [ebp+122D1D84h], eax 0x0000000e nop 0x0000000f jmp 00007F3998DAA3DDh 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jbe 00007F3998DAA3D8h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19B00 second address: A19B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998BCD1ADh 0x00000009 popad 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F3998BCD1A6h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19B1D second address: A19B4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jne 00007F3998DAA3EAh 0x00000011 mov eax, dword ptr [eax] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jne 00007F3998DAA3D6h 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19B4D second address: A19B5A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19B5A second address: A19B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3998DAA3E3h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19C56 second address: A19C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19C5B second address: A19C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19DAC second address: A19DB6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19DB6 second address: A19DBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19DBA second address: A19DBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A0CB second address: A1A0D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A0D1 second address: A1A0D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A0D5 second address: A1A0D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A3AD second address: A1A3B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A3B3 second address: A1A3E0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F3998DAA3E2h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jno 00007F3998DAA3DAh 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A3E0 second address: A1A3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A3E4 second address: A1A3F1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3998DAA3D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A1A3F1 second address: A1A3F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A51463 second address: A514AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F3998DAA3DCh 0x0000000c jl 00007F3998DAA3E7h 0x00000012 jmp 00007F3998DAA3DFh 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jne 00007F3998DAA3DEh 0x00000022 jmp 00007F3998DAA3E0h 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A514AD second address: A514DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F3998BCD1A6h 0x00000009 jg 00007F3998BCD1A6h 0x0000000f jmp 00007F3998BCD1B3h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F3998BCD1AAh 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A514DE second address: A514E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A51640 second address: A5164A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3998BCD1B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A55ED1 second address: A55ED5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A56010 second address: A56027 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F3998BCD1B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A564CE second address: A564D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A564D2 second address: A564D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A567D6 second address: A567F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jo 00007F3998DAA3D6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F3998DAA3D8h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A567F0 second address: A567F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A567F6 second address: A56806 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3998DAA3D6h 0x00000008 jno 00007F3998DAA3D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A56806 second address: A56826 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1AFh 0x00000007 pushad 0x00000008 jmp 00007F3998BCD1AAh 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A599AC second address: A599B1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A59AE2 second address: A59AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A59AE6 second address: A59AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A59AF2 second address: A59AF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A59AF8 second address: A59AFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A59AFE second address: A59B0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F3998BCD1A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A59B0A second address: A59B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5C25B second address: A5C266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F3998BCD1A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5BDE4 second address: A5BDED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5BDED second address: A5BDF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F3998BCD1A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5BDF7 second address: A5BE1B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3998DAA3E6h 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F3998DAA3D6h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5BFED second address: A5BFF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5FDF2 second address: A5FDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5FDFC second address: A5FE05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5FE05 second address: A5FE09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A5FE09 second address: A5FE0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A658F1 second address: A65905 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F3998DAA3DCh 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A65EA8 second address: A65EC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1B8h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19EEA second address: A19F71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 pushad 0x00000007 push edx 0x00000008 jng 00007F3998DAA3D6h 0x0000000e pop edx 0x0000000f jmp 00007F3998DAA3DCh 0x00000014 popad 0x00000015 nop 0x00000016 mov edx, dword ptr [ebp+1244FB61h] 0x0000001c cld 0x0000001d mov ebx, dword ptr [ebp+12488F9Eh] 0x00000023 push 00000000h 0x00000025 push eax 0x00000026 call 00007F3998DAA3D8h 0x0000002b pop eax 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 add dword ptr [esp+04h], 0000001Ah 0x00000038 inc eax 0x00000039 push eax 0x0000003a ret 0x0000003b pop eax 0x0000003c ret 0x0000003d mov dword ptr [ebp+122D3055h], edx 0x00000043 mov dword ptr [ebp+122D3026h], ebx 0x00000049 add eax, ebx 0x0000004b push 00000000h 0x0000004d push esi 0x0000004e call 00007F3998DAA3D8h 0x00000053 pop esi 0x00000054 mov dword ptr [esp+04h], esi 0x00000058 add dword ptr [esp+04h], 00000018h 0x00000060 inc esi 0x00000061 push esi 0x00000062 ret 0x00000063 pop esi 0x00000064 ret 0x00000065 mov edi, dword ptr [ebp+122D29E0h] 0x0000006b nop 0x0000006c pushad 0x0000006d pushad 0x0000006e push edx 0x0000006f pop edx 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19F71 second address: A19FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F3998BCD1B1h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F3998BCD1AAh 0x00000011 nop 0x00000012 mov ecx, dword ptr [ebp+122D2CD0h] 0x00000018 push 00000004h 0x0000001a mov edi, 46469D00h 0x0000001f nop 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F3998BCD1B6h 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A19FBB second address: A19FD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3998DAA3DDh 0x0000000b popad 0x0000000c push eax 0x0000000d push ecx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A6605E second address: A66062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A66062 second address: A66072 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F3998DAA3D6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A66072 second address: A66081 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A69CC6 second address: A69CD0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3998DAA3D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A69CD0 second address: A69CDA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3998BCD1ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A6FBDE second address: A6FBE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A6FBE2 second address: A6FC05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F3998BCD1A8h 0x0000000e pushad 0x0000000f popad 0x00000010 ja 00007F3998BCD1B0h 0x00000016 jmp 00007F3998BCD1AAh 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A6FC05 second address: A6FC0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A6FD5F second address: A6FD80 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F3998BCD1B9h 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A6FD80 second address: A6FD84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A70B99 second address: A70BA9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jl 00007F3998BCD1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A76034 second address: A76038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A76038 second address: A7603D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A7603D second address: A76059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F3998DAA3DFh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A76059 second address: A7605F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A7605F second address: A76069 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F3998DAA3D6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A79CC3 second address: A79CC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A79CC7 second address: A79CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A79189 second address: A791AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998BCD1B9h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A791AC second address: A791BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998DAA3DAh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A82D86 second address: A82D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A8101E second address: A81025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A81025 second address: A81079 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1B2h 0x00000007 push esi 0x00000008 jmp 00007F3998BCD1B6h 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F3998BCD1B1h 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a jmp 00007F3998BCD1B0h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A8134B second address: A81351 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A814DD second address: A81500 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F3998BCD1A6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e jmp 00007F3998BCD1AAh 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push ecx 0x00000016 jc 00007F3998BCD1BBh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A817B7 second address: A817BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A81C13 second address: A81C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A81C17 second address: A81C65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F3998DAA3F5h 0x0000000f jmp 00007F3998DAA3DBh 0x00000014 jmp 00007F3998DAA3E4h 0x00000019 jnl 00007F3998DAA3F0h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A81C65 second address: A81C6C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A81DC8 second address: A81DCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A81DCC second address: A81DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A82BE4 second address: A82BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A82BE8 second address: A82BF2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A80AE2 second address: A80AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A80AE6 second address: A80AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A868A0 second address: A868C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F3998DAA3E8h 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A868C6 second address: A868F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F3998BCD1B0h 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F3998BCD1A6h 0x00000012 jmp 00007F3998BCD1ADh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A868F0 second address: A868F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A868F4 second address: A868FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A89681 second address: A8968B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A8968B second address: A896B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F3998BCD1ADh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3998BCD1B3h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A896B5 second address: A896BF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3998DAA3D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A96D2B second address: A96D2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A96D2F second address: A96D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998DAA3DEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007F3998DAA3D8h 0x00000011 jmp 00007F3998DAA3DCh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a jnp 00007F3998DAA3D6h 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9C8586 second address: 9C858C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9B1C4 second address: A9B1CE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9B1CE second address: A9B1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9B352 second address: A9B358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9B358 second address: A9B35D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9B35D second address: A9B37F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F3998DAA3E5h 0x00000008 jl 00007F3998DAA3D6h 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E260 second address: A9E267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E267 second address: A9E285 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998DAA3DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F3998DAA3D6h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E285 second address: A9E289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E289 second address: A9E295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E295 second address: A9E2B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1B1h 0x00000007 jp 00007F3998BCD1A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E2B4 second address: A9E2B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E2B8 second address: A9E2BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: A9E0ED second address: A9E11A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edi 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F3998DAA3E0h 0x0000000f jng 00007F3998DAA3D6h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c jns 00007F3998DAA3D6h 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 9CA004 second address: 9CA00B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AAAE4E second address: AAAE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AAAE52 second address: AAAE62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F3998BCD1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AAAE62 second address: AAAE8F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3998DAA3E7h 0x00000008 push eax 0x00000009 jbe 00007F3998DAA3D6h 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jc 00007F3998DAA3FCh 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AAAE8F second address: AAAEAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1AEh 0x00000007 jng 00007F3998BCD1A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AADD34 second address: AADD4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3998DAA3E0h 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AB3957 second address: AB3980 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1AEh 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F3998BCD1A6h 0x0000000f jmp 00007F3998BCD1B1h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AB3F12 second address: AB3F17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AB4055 second address: AB406A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998BCD1B1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AB406A second address: AB4092 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998DAA3E8h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d jne 00007F3998DAA3DCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AB7F35 second address: AB7F3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABAE8D second address: ABAE95 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABAE95 second address: ABAE9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABAE9D second address: ABAEB2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3998DAA3D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jl 00007F3998DAA3E2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABAEB2 second address: ABAEB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABAA12 second address: ABAA16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABAA16 second address: ABAA26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3998BCD1AAh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABAA26 second address: ABAA56 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F3998DAA3E3h 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jns 00007F3998DAA3DCh 0x00000014 jc 00007F3998DAA3E2h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABD008 second address: ABD011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABD011 second address: ABD017 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABD017 second address: ABD01B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ABD01B second address: ABD025 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3998DAA3D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ACB83A second address: ACB859 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3998BCD1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push ebx 0x0000000c jmp 00007F3998BCD1AFh 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: ADA228 second address: ADA22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AEFBBC second address: AEFBC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AEFBC5 second address: AEFBDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998DAA3E1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AEFBDA second address: AEFBE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF34D2 second address: AF3518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jne 00007F3998DAA3D6h 0x0000000b jmp 00007F3998DAA3E9h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 jg 00007F3998DAA3E2h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f je 00007F3998DAA3D6h 0x00000025 popad 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF3518 second address: AF351D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF351D second address: AF3525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF3672 second address: AF3686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3998BCD1B0h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF3BDA second address: AF3BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 js 00007F3998DAA3DEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF3E98 second address: AF3EA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF7046 second address: AF704B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF713A second address: AF713E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AF713E second address: AF7150 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998DAA3DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AFA0B6 second address: AFA0BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AFA0BB second address: AFA0CC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007F3998DAA3D6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AFA0CC second address: AFA0D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F3998BCD1A6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: AFBB46 second address: AFBB4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0CCB second address: 50B0D07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov cl, 90h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ecx, dword ptr [eax+00000FDCh] 0x00000010 jmp 00007F3998BCD1B1h 0x00000015 test ecx, ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a call 00007F3998BCD1B3h 0x0000001f pop eax 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0D07 second address: 50B0D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0D0C second address: 50B0D12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0D12 second address: 50B0D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0D16 second address: 50B0D49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007F3998BCD200h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F3998BCD1B7h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0D49 second address: 50B0D61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3998DAA3E4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0D61 second address: 50B0D99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998BCD1ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add eax, ecx 0x0000000d jmp 00007F3998BCD1B6h 0x00000012 mov eax, dword ptr [eax+00000860h] 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov bl, D9h 0x0000001d movzx ecx, di 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0D99 second address: 50B0DC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, esi 0x00000005 pushfd 0x00000006 jmp 00007F3998DAA3DAh 0x0000000b sbb eax, 4B139C28h 0x00000011 jmp 00007F3998DAA3DBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test eax, eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0DC6 second address: 50B0DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0DCA second address: 50B0DE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3998DAA3E7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0DE5 second address: 50B0DEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0DEB second address: 50B0DEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0DEF second address: 50B0DF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0DF3 second address: 50B0E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F3A098F033Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0E07 second address: 50B0E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0E0B second address: 50B0E0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 50B0E0F second address: 50B0E15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |