Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E7D110 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E7D110 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh | 0_2_00EB63B8 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh | 0_2_00EB99D0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h | 0_2_00EB695B |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+04h] | 0_2_00E7FCA0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-10h] | 0_2_00E80EEC |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp ecx | 0_2_00EB6094 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h | 0_2_00EB4040 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+20h] | 0_2_00E86F91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then dec ebx | 0_2_00EAF030 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ecx, dword ptr [edx] | 0_2_00E71000 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 0_2_00E9D1E1 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 0_2_00E842FC |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], dx | 0_2_00E92260 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [esi], ax | 0_2_00E92260 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00EA23E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00EA23E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00EA23E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov byte ptr [edi], al | 0_2_00EA23E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+30h] | 0_2_00EA23E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+14h] | 0_2_00EA23E0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ebp, eax | 0_2_00E7A300 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh | 0_2_00EB64B8 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+0Ch] | 0_2_00E9C470 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx eax, word ptr [esi+ecx] | 0_2_00EB1440 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_00E8D457 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E9E40C |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [esp], 00000000h | 0_2_00E8B410 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] | 0_2_00E78590 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh | 0_2_00EB7520 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 0_2_00E86536 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_00E99510 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E9E66A |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 0_2_00EAB650 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+08h] | 0_2_00EB67EF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E9D7AF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00EB5700 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, word ptr [edi+eax] | 0_2_00EB7710 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], dx | 0_2_00E928E9 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esi+edi] | 0_2_00E749A0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h | 0_2_00E8D961 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h | 0_2_00EB3920 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E81ACD |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h | 0_2_00EB4A40 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edx, byte ptr [esi+ebx] | 0_2_00E75A50 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E81A3C |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+40h] | 0_2_00E81BEE |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+04h] | 0_2_00E83BE2 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 0_2_00EA0B80 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] | 0_2_00E8DB6F |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h | 0_2_00E8DB6F |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh | 0_2_00EB9B60 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00EB9CE0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh | 0_2_00EB9CE0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h | 0_2_00E9CCD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E9CCD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h | 0_2_00E9CCD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E9AC91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [edx], ax | 0_2_00E9AC91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h | 0_2_00E9EC48 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh | 0_2_00EAFC20 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h | 0_2_00E97C00 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00EB8D8A |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [ebp-14h] | 0_2_00E9DD29 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh | 0_2_00E9FD10 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx edi, byte ptr [ecx+esi] | 0_2_00E76EA0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ecx, word ptr [ebp+00h] | 0_2_00E7BEB0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp byte ptr [ebx], 00000000h | 0_2_00E86EBF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp+40h] | 0_2_00E81E93 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [eax], cx | 0_2_00E97E60 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00E95E70 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then movzx ebx, word ptr [ecx] | 0_2_00E9AE57 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov edi, ecx | 0_2_00E84E2A |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h | 0_2_00EB7FC0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00EB7FC0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp ecx | 0_2_00E78FD0 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov word ptr [edx], 0000h | 0_2_00E8FFDF |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp ecx | 0_2_00EB5FD6 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esi+20h] | 0_2_00E86F91 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then jmp eax | 0_2_00E99F62 |
Source: C:\Users\user\Desktop\file.exe | Code function: 4x nop then mov eax, dword ptr [esp] | 0_2_00EAFF70 |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61 |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000002.2166326891.00000000017BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://clearancek.site:443/api |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/ |
Source: file.exe, 00000000.00000002.2166326891.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1 |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english |
Source: file.exe, 00000000.00000002.2166326891.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166528967.0000000001858000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: file.exe, 00000000.00000002.2166326891.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v= |
Source: file.exe, 00000000.00000002.2166326891.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am |
Source: file.exe, 00000000.00000002.2166326891.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l= |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0 |
Source: file.exe, 00000000.00000002.2166326891.00000000017BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://eaglepawnoy.store:443/api |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000002.2166326891.00000000017BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://licendfilteo.site:443/apii |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000002.2166326891.00000000017D4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mobbipenju.store/api |
Source: file.exe, 00000000.00000002.2166326891.00000000017BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mobbipenju.store:443/api |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000002.2166326891.0000000001812000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/ |
Source: file.exe, 00000000.00000002.2166326891.0000000001812000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/( |
Source: file.exe, 00000000.00000002.2166326891.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166326891.0000000001812000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com/api |
Source: file.exe, 00000000.00000002.2166326891.00000000017BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sergei-esenin.com:443/apin |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000002.2166326891.00000000017BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://spirittunek.store:443/api |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000002.2166326891.00000000017D4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000002.2166326891.00000000017FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166528967.0000000001858000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000002.2166326891.00000000017BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000002.2166326891.0000000001812000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e7 |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.2163932444.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.2163932444.0000000001843000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10585D7 second address: 10585E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F71A8DB7116h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1057BF3 second address: 1057BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1057BF9 second address: 1057BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1057BFD second address: 1057C37 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F71A8C84D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F71A8C84D66h 0x00000010 jmp 00007F71A8C84D4Ch 0x00000015 jmp 00007F71A8C84D54h 0x0000001a jnp 00007F71A8C84D4Eh 0x00000020 push edx 0x00000021 pop edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1057EB7 second address: 1057EFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7125h 0x00000007 jmp 00007F71A8DB7129h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 push eax 0x00000012 pop eax 0x00000013 jmp 00007F71A8DB711Fh 0x00000018 pop ecx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105A5EF second address: 105A5F9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F71A8C84D4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105A5F9 second address: 105A67F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push esi 0x0000000b jo 00007F71A8DB7118h 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 pop eax 0x00000015 ja 00007F71A8DB7116h 0x0000001b push 00000003h 0x0000001d mov dword ptr [ebp+122D1E47h], edx 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push esi 0x00000028 call 00007F71A8DB7118h 0x0000002d pop esi 0x0000002e mov dword ptr [esp+04h], esi 0x00000032 add dword ptr [esp+04h], 0000001Dh 0x0000003a inc esi 0x0000003b push esi 0x0000003c ret 0x0000003d pop esi 0x0000003e ret 0x0000003f mov ecx, dword ptr [ebp+122D2E99h] 0x00000045 mov edx, dword ptr [ebp+122D2FADh] 0x0000004b push 00000003h 0x0000004d mov edi, dword ptr [ebp+122D1E47h] 0x00000053 call 00007F71A8DB7119h 0x00000058 jo 00007F71A8DB7120h 0x0000005e pushad 0x0000005f push esi 0x00000060 pop esi 0x00000061 jo 00007F71A8DB7116h 0x00000067 popad 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b jg 00007F71A8DB711Ch 0x00000071 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105A76B second address: 105A78B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105A78B second address: 105A82A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F71A8DB7118h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D1E85h], edi 0x00000028 movzx edi, ax 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007F71A8DB7118h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 0000001Bh 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 mov si, 4AF1h 0x0000004b mov edx, dword ptr [ebp+122D2E7Dh] 0x00000051 call 00007F71A8DB7119h 0x00000056 jmp 00007F71A8DB711Bh 0x0000005b push eax 0x0000005c pushad 0x0000005d push ebx 0x0000005e pushad 0x0000005f popad 0x00000060 pop ebx 0x00000061 jmp 00007F71A8DB7128h 0x00000066 popad 0x00000067 mov eax, dword ptr [esp+04h] 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007F71A8DB711Ah 0x00000072 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105AA14 second address: 105AA21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F71A8C84D46h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 105AA21 second address: 105AACA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7126h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jmp 00007F71A8DB7125h 0x00000013 pop eax 0x00000014 mov ecx, ebx 0x00000016 push 00000003h 0x00000018 pushad 0x00000019 jmp 00007F71A8DB7124h 0x0000001e mov ebx, 2633FC54h 0x00000023 popad 0x00000024 push 00000000h 0x00000026 mov edx, dword ptr [ebp+122D2C91h] 0x0000002c push 00000003h 0x0000002e jmp 00007F71A8DB711Eh 0x00000033 mov di, 8FD1h 0x00000037 call 00007F71A8DB7119h 0x0000003c ja 00007F71A8DB7130h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F71A8DB711Dh 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1079ADB second address: 1079AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F71A8C84D46h 0x0000000a jno 00007F71A8C84D46h 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1079D81 second address: 1079D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F71A8DB7116h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1079EE2 second address: 1079EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1079EE6 second address: 1079F13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB711Fh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jg 00007F71A8DB7116h 0x00000012 push edi 0x00000013 pop edi 0x00000014 jnl 00007F71A8DB7116h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jnp 00007F71A8DB7116h 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107A4DC second address: 107A4E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F71A8C84D46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107A4E8 second address: 107A4F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F71A8DB7116h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107AA8F second address: 107AAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F71A8C84D51h 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e popad 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007F71A8C84D46h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107AAB5 second address: 107AAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1049E18 second address: 1049E24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F71A8C84D46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107B1C2 second address: 107B1CC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F71A8DB711Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107B31B second address: 107B325 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F71A8C84D4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107B5E3 second address: 107B5F3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jg 00007F71A8DB7116h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107F960 second address: 107F964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107FA6C second address: 107FA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107FCF5 second address: 107FD1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F71A8C84D54h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jnp 00007F71A8C84D46h 0x00000015 pop edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 107FD1A second address: 107FD20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1082A24 second address: 1082A4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F71A8C84D46h 0x0000000a popad 0x0000000b push ecx 0x0000000c jmp 00007F71A8C84D59h 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1082A4C second address: 1082A5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB711Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1082A5D second address: 1082A67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F71A8C84D46h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104BA40 second address: 104BA5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8DB7128h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1083F57 second address: 1083F5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 104EF62 second address: 104EF66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10876C4 second address: 10876D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F71A8C84D46h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10876D0 second address: 108770F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F71A8DB7116h 0x00000008 js 00007F71A8DB7116h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F71A8DB713Bh 0x0000001a jmp 00007F71A8DB7127h 0x0000001f jmp 00007F71A8DB711Eh 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1086DE9 second address: 1086E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8C84D59h 0x00000009 je 00007F71A8C84D46h 0x0000000f popad 0x00000010 push ebx 0x00000011 jmp 00007F71A8C84D4Ch 0x00000016 jnp 00007F71A8C84D46h 0x0000001c pop ebx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1086E21 second address: 1086E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1086E27 second address: 1086E31 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1086F6D second address: 1086F71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10874E9 second address: 108751E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 js 00007F71A8C84D4Ch 0x0000000d jp 00007F71A8C84D46h 0x00000013 jmp 00007F71A8C84D4Ch 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b pushad 0x0000001c popad 0x0000001d pop eax 0x0000001e jp 00007F71A8C84D4Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 push esi 0x00000027 pop esi 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108943E second address: 1089442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1089442 second address: 1089446 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A6D2 second address: 108A6DC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F71A8DB7116h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A6DC second address: 108A6F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F71A8C84D46h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A771 second address: 108A7FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F71A8DB7116h 0x0000000a popad 0x0000000b add dword ptr [esp], 3B57AD90h 0x00000012 mov esi, 656C9809h 0x00000017 call 00007F71A8DB7119h 0x0000001c jmp 00007F71A8DB7126h 0x00000021 push eax 0x00000022 pushad 0x00000023 pushad 0x00000024 jl 00007F71A8DB7116h 0x0000002a push ecx 0x0000002b pop ecx 0x0000002c popad 0x0000002d jmp 00007F71A8DB7128h 0x00000032 popad 0x00000033 mov eax, dword ptr [esp+04h] 0x00000037 jnp 00007F71A8DB711Eh 0x0000003d je 00007F71A8DB7118h 0x00000043 pushad 0x00000044 popad 0x00000045 mov eax, dword ptr [eax] 0x00000047 jmp 00007F71A8DB7123h 0x0000004c mov dword ptr [esp+04h], eax 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A7FC second address: 108A800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108A800 second address: 108A80F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007F71A8DB7116h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108AE13 second address: 108AE17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B4FF second address: 108B503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B503 second address: 108B50D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F71A8C84D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B50D second address: 108B512 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B512 second address: 108B524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F71A8C84D48h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B63C second address: 108B640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108B640 second address: 108B645 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1090A77 second address: 1090A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1091182 second address: 1091188 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1091C4D second address: 1091C6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7129h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1091C6A second address: 1091C70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10926ED second address: 1092702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d jnp 00007F71A8DB7116h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1092492 second address: 1092498 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10964F7 second address: 10964FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10964FB second address: 10964FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1098564 second address: 109856A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1097824 second address: 109782E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F71A8C84D46h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109A73D second address: 109A742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109A742 second address: 109A749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10997E3 second address: 10997F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop esi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10997F4 second address: 10998B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F71A8C84D54h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F71A8C84D48h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D1E52h], edx 0x0000002c mov dword ptr [ebp+122D5D1Ah], ebx 0x00000032 push dword ptr fs:[00000000h] 0x00000039 mov edi, eax 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov ebx, dword ptr [ebp+122D2E31h] 0x00000048 mov eax, dword ptr [ebp+122D0645h] 0x0000004e jmp 00007F71A8C84D59h 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push eax 0x00000058 call 00007F71A8C84D48h 0x0000005d pop eax 0x0000005e mov dword ptr [esp+04h], eax 0x00000062 add dword ptr [esp+04h], 00000015h 0x0000006a inc eax 0x0000006b push eax 0x0000006c ret 0x0000006d pop eax 0x0000006e ret 0x0000006f mov dword ptr [ebp+12454131h], edx 0x00000075 nop 0x00000076 jmp 00007F71A8C84D4Fh 0x0000007b push eax 0x0000007c pushad 0x0000007d jno 00007F71A8C84D4Ch 0x00000083 push eax 0x00000084 push edx 0x00000085 push eax 0x00000086 push edx 0x00000087 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10998B9 second address: 10998BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109B840 second address: 109B844 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109B844 second address: 109B84A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109B84A second address: 109B851 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109E79F second address: 109E7A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109E7A4 second address: 109E7AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A0910 second address: 10A092C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71A8DB7128h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A092C second address: 10A09A1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F71A8C84D46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jng 00007F71A8C84D4Ch 0x00000015 mov dword ptr [ebp+122D1E09h], esi 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 call 00007F71A8C84D48h 0x00000025 pop eax 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a add dword ptr [esp+04h], 00000017h 0x00000032 inc eax 0x00000033 push eax 0x00000034 ret 0x00000035 pop eax 0x00000036 ret 0x00000037 movsx ebx, bx 0x0000003a mov dword ptr [ebp+122D1FA2h], eax 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push ebx 0x00000045 call 00007F71A8C84D48h 0x0000004a pop ebx 0x0000004b mov dword ptr [esp+04h], ebx 0x0000004f add dword ptr [esp+04h], 00000014h 0x00000057 inc ebx 0x00000058 push ebx 0x00000059 ret 0x0000005a pop ebx 0x0000005b ret 0x0000005c je 00007F71A8C84D4Ch 0x00000062 mov dword ptr [ebp+122D3234h], esi 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A09A1 second address: 10A09A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109E9AC second address: 109E9B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109E9B0 second address: 109E9B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A19D6 second address: 10A19DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A19DB second address: 10A1A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8DB7126h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F71A8DB711Dh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A0B11 second address: 10A0BC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a call 00007F71A8C84D4Fh 0x0000000f and edi, 7193D521h 0x00000015 pop ebx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov bl, cl 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 jmp 00007F71A8C84D56h 0x0000002b mov eax, dword ptr [ebp+122D16F5h] 0x00000031 push 00000000h 0x00000033 push ebx 0x00000034 call 00007F71A8C84D48h 0x00000039 pop ebx 0x0000003a mov dword ptr [esp+04h], ebx 0x0000003e add dword ptr [esp+04h], 00000017h 0x00000046 inc ebx 0x00000047 push ebx 0x00000048 ret 0x00000049 pop ebx 0x0000004a ret 0x0000004b push edi 0x0000004c ja 00007F71A8C84D53h 0x00000052 pop edi 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push ecx 0x00000058 call 00007F71A8C84D48h 0x0000005d pop ecx 0x0000005e mov dword ptr [esp+04h], ecx 0x00000062 add dword ptr [esp+04h], 00000019h 0x0000006a inc ecx 0x0000006b push ecx 0x0000006c ret 0x0000006d pop ecx 0x0000006e ret 0x0000006f xor dword ptr [ebp+12489C2Eh], esi 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 push ecx 0x00000079 pushad 0x0000007a popad 0x0000007b pop ecx 0x0000007c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A1A08 second address: 10A1A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A2B03 second address: 10A2B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A1BA0 second address: 10A1BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A2B07 second address: 10A2B24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D52h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A2B24 second address: 10A2B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8DB7129h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A2B42 second address: 10A2B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A2B48 second address: 10A2B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A2C93 second address: 10A2CB5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F71A8C84D53h 0x00000008 jmp 00007F71A8C84D4Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F71A8C84D48h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A3B80 second address: 10A3B84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A3B84 second address: 10A3B94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10A5A65 second address: 10A5A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ACF2F second address: 10ACF34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ACF34 second address: 10ACF3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ACF3A second address: 10ACF3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ACF3E second address: 10ACF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ACF4D second address: 10ACF53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ACF53 second address: 10ACF57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ACF57 second address: 10ACF5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B16F0 second address: 10B171A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7126h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007F71A8DB7124h 0x00000010 pushad 0x00000011 jc 00007F71A8DB7116h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B182E second address: 10B1857 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F71A8C84D4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F71A8C84D55h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B1857 second address: 10B1876 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F71A8DB7121h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B1876 second address: 10B188A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B188A second address: 10B189D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F71A8DB7116h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B189D second address: 10B18A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B18A1 second address: 10B18BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7127h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B18BC second address: 10B18E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F71A8C84D57h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1044C09 second address: 1044C21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7123h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1044C21 second address: 1044C27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B8B13 second address: 10B8B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B8B19 second address: 10B8B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B8B1F second address: 10B8B37 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71A8DB7116h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F71A8DB711Ah 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B8B37 second address: 10B8B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B8B3B second address: 10B8B65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8DB711Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007F71A8DB7122h 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B8B65 second address: 10B8B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007F71A8C84D54h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B9608 second address: 10B962A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F71A8DB711Ch 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 ja 00007F71A8DB7120h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B98EF second address: 10B9922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F71A8C84D51h 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F71A8C84D56h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B9922 second address: 10B992A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B9AB7 second address: 10B9ABD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10B9ABD second address: 10B9AC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10BD10A second address: 10BD129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jne 00007F71A8C84D46h 0x0000000b jo 00007F71A8C84D46h 0x00000011 jmp 00007F71A8C84D4Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C1598 second address: 10C159C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C159C second address: 10C15C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 jg 00007F71A8C84D65h 0x0000000d push ebx 0x0000000e jmp 00007F71A8C84D4Fh 0x00000013 jnl 00007F71A8C84D46h 0x00000019 pop ebx 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C12CB second address: 10C12CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C24C1 second address: 10C24C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10C24C8 second address: 10C24EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7129h 0x00000007 ja 00007F71A8DB7122h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109386B second address: 1093931 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F71A8C84D4Ch 0x00000008 jng 00007F71A8C84D46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebx 0x00000011 push esi 0x00000012 or dword ptr [ebp+1248324Bh], ecx 0x00000018 pop ecx 0x00000019 push dword ptr fs:[00000000h] 0x00000020 movzx edx, si 0x00000023 jmp 00007F71A8C84D4Fh 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov dword ptr [ebp+12459779h], ecx 0x00000035 mov ecx, dword ptr [ebp+122D277Eh] 0x0000003b mov dword ptr [ebp+12493516h], esp 0x00000041 and dx, C027h 0x00000046 cmp dword ptr [ebp+122D2CE9h], 00000000h 0x0000004d jne 00007F71A8C84E28h 0x00000053 call 00007F71A8C84D51h 0x00000058 or dword ptr [ebp+122D3AB2h], edi 0x0000005e pop ecx 0x0000005f mov byte ptr [ebp+122D1E4Dh], 00000047h 0x00000066 push 00000000h 0x00000068 push ebp 0x00000069 call 00007F71A8C84D48h 0x0000006e pop ebp 0x0000006f mov dword ptr [esp+04h], ebp 0x00000073 add dword ptr [esp+04h], 00000017h 0x0000007b inc ebp 0x0000007c push ebp 0x0000007d ret 0x0000007e pop ebp 0x0000007f ret 0x00000080 mov edx, dword ptr [ebp+122D38DCh] 0x00000086 jl 00007F71A8C84D46h 0x0000008c or dx, C7DBh 0x00000091 mov eax, D49AA7D2h 0x00000096 mov ecx, dword ptr [ebp+1248310Bh] 0x0000009c push eax 0x0000009d pushad 0x0000009e push eax 0x0000009f push edx 0x000000a0 jmp 00007F71A8C84D4Bh 0x000000a5 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1093C55 second address: 1093C66 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F71A8DB7116h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1093C66 second address: 1093C6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1093E02 second address: 1093E06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1093E06 second address: 1093E1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1093E1F second address: 1093E3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71A8DB7129h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109407A second address: 1094093 instructions: 0x00000000 rdtsc 0x00000002 je 00007F71A8C84D48h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F71A8C84D4Ah 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 109419D second address: 10941C0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F71A8DB7127h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10942F0 second address: 1094345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F71A8C84D48h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D28C6h], edi 0x00000029 push 00000004h 0x0000002b pushad 0x0000002c jmp 00007F71A8C84D4Eh 0x00000031 popad 0x00000032 mov edi, edx 0x00000034 nop 0x00000035 push eax 0x00000036 push edx 0x00000037 push esi 0x00000038 jmp 00007F71A8C84D50h 0x0000003d pop esi 0x0000003e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094345 second address: 1094373 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F71A8DB7123h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F71A8DB7122h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094373 second address: 1094378 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094B38 second address: 1094BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7129h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F71A8DB7118h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D1C62h], edi 0x0000002d movsx edi, ax 0x00000030 mov dx, 6900h 0x00000034 lea eax, dword ptr [ebp+12493502h] 0x0000003a sub dword ptr [ebp+122D3C10h], edx 0x00000040 nop 0x00000041 jmp 00007F71A8DB7121h 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 jnl 00007F71A8DB7118h 0x0000004f push eax 0x00000050 pop eax 0x00000051 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094BB2 second address: 1094BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a or dword ptr [ebp+122D1C06h], edx 0x00000010 lea eax, dword ptr [ebp+124934BEh] 0x00000016 pushad 0x00000017 xor dword ptr [ebp+124597C0h], ecx 0x0000001d mov dword ptr [ebp+122D31CDh], edi 0x00000023 popad 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094BEE second address: 1094BF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094BF3 second address: 1094BF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1094BF9 second address: 10707AE instructions: 0x00000000 rdtsc 0x00000002 ja 00007F71A8DB7116h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F71A8DB7118h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov dword ptr [ebp+12483258h], ebx 0x0000002f call dword ptr [ebp+12454833h] 0x00000035 pushad 0x00000036 push esi 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10CAF03 second address: 10CAF22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F71A8C84D46h 0x0000000a jnc 00007F71A8C84D46h 0x00000010 popad 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push edx 0x00000015 pop edx 0x00000016 pop edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jne 00007F71A8C84D46h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10CB06D second address: 10CB073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10CB1FB second address: 10CB203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D049B second address: 10D04A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D04A1 second address: 10D04A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D0D18 second address: 10D0D29 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F71A8DB7116h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D0D29 second address: 10D0D43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F71A8C84D53h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D0D43 second address: 10D0D47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10CFEC7 second address: 10CFED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F71A8C84D46h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10CFED1 second address: 10CFF34 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F71A8DB7131h 0x0000000c pop edi 0x0000000d pushad 0x0000000e jmp 00007F71A8DB7123h 0x00000013 jc 00007F71A8DB7128h 0x00000019 jmp 00007F71A8DB7122h 0x0000001e jmp 00007F71A8DB711Bh 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D317C second address: 10D3183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D5F8B second address: 10D5F91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D5CBF second address: 10D5CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D5CC5 second address: 10D5CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8DB7129h 0x00000009 popad 0x0000000a pushad 0x0000000b jne 00007F71A8DB7116h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D8940 second address: 10D8969 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F71A8C84D57h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c js 00007F71A8C84D46h 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D8969 second address: 10D896D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10D8DB4 second address: 10D8DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DE4DD second address: 10DE4E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DE69A second address: 10DE69E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DE7DD second address: 10DE7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DE7E6 second address: 10DE7EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DE7EA second address: 10DE7FA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F71A8DB711Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DF366 second address: 10DF385 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F71A8C84D4Fh 0x00000008 jng 00007F71A8C84D46h 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10DF385 second address: 10DF39B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F71A8DB711Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E297D second address: 10E29A2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F71A8C84D4Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F71A8C84D57h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E2C0E second address: 10E2C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E2C14 second address: 10E2C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F71A8C84D59h 0x0000000c jmp 00007F71A8C84D53h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E2C47 second address: 10E2C52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F71A8DB7116h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E2ED6 second address: 10E2EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8C84D4Ch 0x00000009 pop eax 0x0000000a jng 00007F71A8C84D5Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E2EF1 second address: 10E2EFB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F71A8DB7116h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E7056 second address: 10E705E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E705E second address: 10E7064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E680D second address: 10E681F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jnp 00007F71A8C84D46h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E681F second address: 10E6825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E6825 second address: 10E6833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F71A8C84D46h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E6833 second address: 10E6839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E6994 second address: 10E69B0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F71A8C84D46h 0x00000008 jmp 00007F71A8C84D4Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10E6B09 second address: 10E6B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F71A8DB711Ch 0x0000000a jp 00007F71A8DB711Eh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE693 second address: 10EE6A7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jg 00007F71A8C84D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F71A8C84D46h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE6A7 second address: 10EE6B1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F71A8DB7116h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE6B1 second address: 10EE6BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE6BB second address: 10EE6BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE6BF second address: 10EE6C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE6C3 second address: 10EE6E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F71A8DB7129h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE6E5 second address: 10EE6F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71A8C84D4Ch 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE6F7 second address: 10EE719 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7124h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F71A8DB7116h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EE719 second address: 10EE71D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC773 second address: 10EC798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnc 00007F71A8DB711Eh 0x0000000b jnp 00007F71A8DB7118h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007F71A8DB7116h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC90C second address: 10EC915 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC915 second address: 10EC91B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC91B second address: 10EC91F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC91F second address: 10EC923 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC923 second address: 10EC929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EC929 second address: 10EC94D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 jg 00007F71A8DB7116h 0x0000000f pop edi 0x00000010 popad 0x00000011 jo 00007F71A8DB7136h 0x00000017 jng 00007F71A8DB7118h 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ECAC1 second address: 10ECAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ECAC5 second address: 10ECAC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ED099 second address: 10ED09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ED09D second address: 10ED0CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7121h 0x00000007 jnc 00007F71A8DB7116h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F71A8DB711Fh 0x00000014 jo 00007F71A8DB711Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ED8D9 second address: 10ED8F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F71A8C84D78h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ED8F2 second address: 10ED912 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F71A8DB7126h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ED912 second address: 10ED916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10ED916 second address: 10ED91A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EDBDB second address: 10EDBEF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F71A8C84D46h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jno 00007F71A8C84D46h 0x00000013 pop edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EDE7A second address: 10EDE7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10EDE7E second address: 10EDEA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F71A8C84D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F71A8C84D58h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2486 second address: 10F248C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2A52 second address: 10F2A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2A56 second address: 10F2A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F71A8DB7120h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2A73 second address: 10F2A7F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F71A8C84D46h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2D72 second address: 10F2D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F71A8DB711Dh 0x0000000e push esi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2EF1 second address: 10F2EF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2EF7 second address: 10F2F06 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F71A8DB7116h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F2F06 second address: 10F2F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8C84D52h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F309A second address: 10F30BF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F71A8DB7128h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F30BF second address: 10F30C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F7CDF second address: 10F7CE5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F7CE5 second address: 10F7CEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F7CEF second address: 10F7CF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F7CF5 second address: 10F7CF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10F7CF9 second address: 10F7D14 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F71A8DB7116h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007F71A8DB711Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FF002 second address: 10FF006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FF006 second address: 10FF019 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB711Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FF019 second address: 10FF01F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FFEB1 second address: 10FFEB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FFEB5 second address: 10FFEBE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FFEBE second address: 10FFECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F71A8DB7116h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FFECB second address: 10FFED1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 10FFED1 second address: 10FFED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11070EC second address: 11070F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11070F0 second address: 11070F8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1106C9A second address: 1106CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1106E2C second address: 1106E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1106E32 second address: 1106E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11151CC second address: 1115211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F71A8DB7128h 0x0000000a jc 00007F71A8DB712Ah 0x00000010 jmp 00007F71A8DB7124h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007F71A8DB711Ah 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1116EE2 second address: 1116F04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F71A8C84D4Eh 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F71A8C84D46h 0x00000012 push esi 0x00000013 jnl 00007F71A8C84D46h 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c jc 00007F71A8C84D46h 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1116D41 second address: 1116D4F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F71A8DB7116h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1116D4F second address: 1116D59 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71A8C84D46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1116D59 second address: 1116D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A576 second address: 111A57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A0FE second address: 111A104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A104 second address: 111A10C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A10C second address: 111A113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edi 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A113 second address: 111A11B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A11B second address: 111A11F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A11F second address: 111A18C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71A8C84D46h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007F71A8C84D78h 0x00000016 jmp 00007F71A8C84D59h 0x0000001b jmp 00007F71A8C84D59h 0x00000020 pushad 0x00000021 jg 00007F71A8C84D46h 0x00000027 pushad 0x00000028 popad 0x00000029 jc 00007F71A8C84D46h 0x0000002f jmp 00007F71A8C84D55h 0x00000034 popad 0x00000035 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A18C second address: 111A191 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111A191 second address: 111A197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111EFB7 second address: 111EFBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111EFBB second address: 111EFBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 111EFBF second address: 111EFC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1124736 second address: 112473A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11321FF second address: 1132204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1130ABF second address: 1130AD6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F71A8C84D51h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1130AD6 second address: 1130ADE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1130ADE second address: 1130AEE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 je 00007F71A8C84D46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1130F30 second address: 1130F38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11310D6 second address: 11310F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 jg 00007F71A8C84D4Ah 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 jne 00007F71A8C84D4Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11313FC second address: 1131402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1135E75 second address: 1135E7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1135E7C second address: 1135E88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F71A8DB7116h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1135E88 second address: 1135E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11437DE second address: 1143810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71A8DB7127h 0x00000009 jmp 00007F71A8DB7122h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1143810 second address: 1143814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1143814 second address: 1143818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1171C70 second address: 1171C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11713B4 second address: 11713BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11716CA second address: 11716E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71A8C84D56h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1171977 second address: 117197C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 1174872 second address: 11748DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 push eax 0x00000007 je 00007F71A8C84D4Eh 0x0000000d push eax 0x0000000e jg 00007F71A8C84D46h 0x00000014 pop eax 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F71A8C84D48h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 jno 00007F71A8C84D4Ch 0x00000036 push 00000004h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007F71A8C84D48h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 00000017h 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 push 49AD2752h 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11748DB second address: 11748E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11748E0 second address: 11748E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11775AB second address: 11775B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 11775B1 second address: 11775B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0C8E second address: 54E0CDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7129h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F71A8DB7123h 0x00000014 jmp 00007F71A8DB7123h 0x00000019 popfd 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0CDA second address: 54E0CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0CDF second address: 54E0CFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB711Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0CFE second address: 54E0D02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0D02 second address: 54E0D1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8DB7127h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0D1D second address: 54E0D6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71A8C84D59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b jmp 00007F71A8C84D4Eh 0x00000010 je 00007F721A0DAD5Bh 0x00000016 jmp 00007F71A8C84D50h 0x0000001b test byte ptr [eax+04h], 00000005h 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov edx, 1D5EA820h 0x00000027 popad 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 108D6DA second address: 108D6E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |