Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060 |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ |
Source: file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/ |
Source: file.exe, 00000000.00000002.1744214208.00000000012AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://clearancek.site:443/apiW |
Source: file.exe, 00000000.00000002.1744214208.00000000012AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://clearancek.site:443/apiin |
Source: file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v= |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC& |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw& |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l= |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu& |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67& |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1 |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0& |
Source: file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/ |
Source: file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv |
Source: file.exe, 00000000.00000002.1744214208.00000000012AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://mobbipenju.store:443/apiv |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com; |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com |
Source: file.exe, 00000000.00000002.1744214208.00000000012AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://spirittunek.store:443/api |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com |
Source: file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/7 |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: file.exe, 00000000.00000003.1739700886.00000000012AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: file.exe, 00000000.00000002.1744214208.00000000012AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900 |
Source: file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/ |
Source: file.exe, 00000000.00000003.1739774093.00000000012FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/; |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cb9e7f3651c38ac4 |
Source: file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/ |
Source: file.exe, 00000000.00000002.1744214208.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: file.exe, 00000000.00000002.1744214208.00000000012AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739700886.00000000012AF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://studennotediw.store:443/api |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com |
Source: file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: file.exe, 00000000.00000003.1739594724.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1739805715.000000000133E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com |
Source: file.exe, 00000000.00000003.1739564446.0000000001332000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1744384288.00000000012FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 3E4491 second address: 3E4495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 3E4495 second address: 3E3D2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FA198D78885h 0x0000000d nop 0x0000000e jmp 00007FA198D7887Ah 0x00000013 stc 0x00000014 push dword ptr [ebp+122D00E1h] 0x0000001a pushad 0x0000001b jp 00007FA198D7887Ch 0x00000021 sub dl, FFFFFFD6h 0x00000024 popad 0x00000025 call dword ptr [ebp+122D281Bh] 0x0000002b pushad 0x0000002c mov dword ptr [ebp+122D1DBFh], edi 0x00000032 xor eax, eax 0x00000034 stc 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 jo 00007FA198D7887Eh 0x0000003f jns 00007FA198D78878h 0x00000045 mov dword ptr [ebp+122D3949h], eax 0x0000004b mov dword ptr [ebp+122D1DBFh], esi 0x00000051 mov esi, 0000003Ch 0x00000056 jc 00007FA198D7887Ch 0x0000005c add esi, dword ptr [esp+24h] 0x00000060 cmc 0x00000061 lodsw 0x00000063 jmp 00007FA198D78885h 0x00000068 add eax, dword ptr [esp+24h] 0x0000006c stc 0x0000006d mov ebx, dword ptr [esp+24h] 0x00000071 mov dword ptr [ebp+122D1DBFh], esi 0x00000077 push eax 0x00000078 pushad 0x00000079 jne 00007FA198D7887Ch 0x0000007f pushad 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 3E3D2B second address: 3E3D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F7AC second address: 54F7B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F7B4 second address: 54F7BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F7BD second address: 54F7C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F7C3 second address: 54F7C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55E9EF second address: 55E9F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55E9F3 second address: 55E9F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55EB64 second address: 55EB6C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55EB6C second address: 55EB73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55F10C second address: 55F117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55F117 second address: 55F11B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 561844 second address: 561848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 56198D second address: 561A38 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jp 00007FA198D66596h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FA198D66588h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d push esi 0x0000002e and esi, dword ptr [ebp+122D3AB9h] 0x00000034 pop edi 0x00000035 push 00000000h 0x00000037 call 00007FA198D6658Bh 0x0000003c mov ecx, dword ptr [ebp+122D3AF1h] 0x00000042 pop edx 0x00000043 push 36520DE4h 0x00000048 jmp 00007FA198D66593h 0x0000004d xor dword ptr [esp], 36520D64h 0x00000054 mov dword ptr [ebp+122D209Fh], eax 0x0000005a push 00000003h 0x0000005c xor dword ptr [ebp+122D1E16h], edi 0x00000062 push 00000000h 0x00000064 mov dx, cx 0x00000067 push 00000003h 0x00000069 push 9D9078CDh 0x0000006e pushad 0x0000006f pushad 0x00000070 pushad 0x00000071 popad 0x00000072 jbe 00007FA198D66586h 0x00000078 popad 0x00000079 push eax 0x0000007a push edx 0x0000007b push esi 0x0000007c pop esi 0x0000007d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 561A38 second address: 561A3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 561A3C second address: 561A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 5D9078CDh 0x0000000e jmp 00007FA198D66595h 0x00000013 lea ebx, dword ptr [ebp+1245172Dh] 0x00000019 mov dword ptr [ebp+122D2CD9h], eax 0x0000001f push eax 0x00000020 pushad 0x00000021 js 00007FA198D66588h 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 561A79 second address: 561A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 561AD3 second address: 561AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 561AD7 second address: 561ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 561ADD second address: 561AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 572EFB second address: 572F0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D7887Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 572F0C second address: 572F12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54A73F second address: 54A743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54A743 second address: 54A747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54A747 second address: 54A753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D43 second address: 580D57 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA198D6658Ch 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D57 second address: 580D5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D5D second address: 580D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D61 second address: 580D65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D65 second address: 580D79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D79 second address: 580D87 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA198D78876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D87 second address: 580D8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580D8B second address: 580DAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78882h 0x00000007 jmp 00007FA198D7887Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580F0F second address: 580F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580F15 second address: 580F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 jmp 00007FA198D78887h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580F36 second address: 580F7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D6658Fh 0x00000007 push esi 0x00000008 jmp 00007FA198D6658Ch 0x0000000d jmp 00007FA198D66597h 0x00000012 pop esi 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push edx 0x00000016 jns 00007FA198D66588h 0x0000001c push eax 0x0000001d push edx 0x0000001e jp 00007FA198D66586h 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 580F7F second address: 580F83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581100 second address: 581104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581379 second address: 581389 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D7887Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581389 second address: 58138F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58138F second address: 58139D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D7887Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581633 second address: 581637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581B90 second address: 581B9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581B9A second address: 581B9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581E9B second address: 581E9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 581E9F second address: 581ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FA198D66592h 0x0000000c jnc 00007FA198D66586h 0x00000012 jl 00007FA198D66586h 0x00000018 popad 0x00000019 push ecx 0x0000001a jmp 00007FA198D6658Eh 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FA198D6658Eh 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5825D9 second address: 5825E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5825E1 second address: 5825E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582743 second address: 582747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582747 second address: 582759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FA198D6658Ah 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582759 second address: 582780 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA198D7887Eh 0x00000008 pushad 0x00000009 js 00007FA198D78876h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 jl 00007FA198D7888Eh 0x0000001c push ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582901 second address: 582918 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66593h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582918 second address: 58291E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582A65 second address: 582A69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582A69 second address: 582A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582A6D second address: 582A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA198D6658Bh 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007FA198D66592h 0x00000013 popad 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 jc 00007FA198D66586h 0x0000001e pop edi 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582D6F second address: 582D94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FA198D78876h 0x0000000d jmp 00007FA198D7887Dh 0x00000012 jc 00007FA198D78876h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push edi 0x0000001c pop edi 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582D94 second address: 582DA4 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 582DA4 second address: 582DB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jnp 00007FA198D78876h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58553A second address: 58554F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA198D66586h 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58554F second address: 585581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D78887h 0x00000009 jmp 00007FA198D78880h 0x0000000e jnp 00007FA198D78876h 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54C20D second address: 54C213 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 586CA6 second address: 586CBE instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA198D78876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jno 00007FA198D7887Eh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5881E8 second address: 5881EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5881EE second address: 588214 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78888h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FA198D78876h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 590016 second address: 59001B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59001B second address: 590020 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 590020 second address: 590026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F48B second address: 58F4DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D78881h 0x00000009 pop ebx 0x0000000a jnc 00007FA198D7888Fh 0x00000010 jmp 00007FA198D78888h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F4DC second address: 58F4E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA198D66586h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F7B4 second address: 58F7C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F7C1 second address: 58F7D1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA198D66586h 0x00000008 jne 00007FA198D66586h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F7D1 second address: 58F7D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F7D7 second address: 58F7DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F7DD second address: 58F7E7 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA198D78876h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F7E7 second address: 58F7F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA198D6658Ah 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 58F7F9 second address: 58F811 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78884h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59313E second address: 593148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FA198D66586h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 593148 second address: 59315F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FA198D7887Ch 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59322B second address: 593287 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66595h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 6CC37E98h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007FA198D66588h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a cmc 0x0000002b mov dword ptr [ebp+122D2734h], ebx 0x00000031 push 3BED47E6h 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 jng 00007FA198D66586h 0x0000003f js 00007FA198D66586h 0x00000045 popad 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 593287 second address: 59329D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA198D78882h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59358A second address: 59358E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59358E second address: 593594 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 593594 second address: 593599 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 593FDC second address: 593FE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59496B second address: 59496F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59496F second address: 594973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 598A31 second address: 598A39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5977B8 second address: 5977C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 598A39 second address: 598A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 598A3D second address: 598A59 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA198D78881h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55982F second address: 559849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66594h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59914A second address: 599167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA198D78886h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 599167 second address: 59916B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5999A3 second address: 5999B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FA198D78878h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59A881 second address: 59A88B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A029F second address: 5A0311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 call 00007FA198D7887Ch 0x0000000d mov edi, 1CEECF20h 0x00000012 pop edi 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FA198D78878h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007FA198D78878h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 00000015h 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b pushad 0x0000004c mov edi, dword ptr [ebp+122D3B81h] 0x00000052 jmp 00007FA198D7887Ah 0x00000057 popad 0x00000058 push eax 0x00000059 push eax 0x0000005a pushad 0x0000005b push edx 0x0000005c pop edx 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59E486 second address: 59E498 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FA198D66586h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59F501 second address: 59F505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A15A8 second address: 5A15AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59E498 second address: 59E540 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78886h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b mov bx, di 0x0000000e push dword ptr fs:[00000000h] 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007FA198D78878h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f mov bh, 83h 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 mov dword ptr [ebp+122D2B84h], ecx 0x0000003e mov eax, dword ptr [ebp+122D1689h] 0x00000044 mov dword ptr [ebp+12476A95h], edx 0x0000004a push FFFFFFFFh 0x0000004c call 00007FA198D78888h 0x00000051 mov ebx, dword ptr [ebp+122D3939h] 0x00000057 pop edi 0x00000058 xor edi, dword ptr [ebp+122D3B75h] 0x0000005e nop 0x0000005f push ebx 0x00000060 jmp 00007FA198D78888h 0x00000065 pop ebx 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A26BC second address: 5A26D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jnl 00007FA198D66586h 0x0000000c jnl 00007FA198D66586h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A3599 second address: 5A359D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A15AC second address: 5A15B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59E540 second address: 59E544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A26D5 second address: 5A26EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D6658Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A359D second address: 5A35A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A15B6 second address: 5A15BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 59E544 second address: 59E54A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A26EC second address: 5A26F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A35A3 second address: 5A35DC instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA198D78878h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jmp 00007FA198D78881h 0x00000014 push 00000000h 0x00000016 add dword ptr [ebp+122D2749h], ecx 0x0000001c push 00000000h 0x0000001e mov edi, dword ptr [ebp+122D3911h] 0x00000024 xchg eax, esi 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A15BA second address: 5A15BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A35DC second address: 5A35E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A15BE second address: 5A15CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A2797 second address: 5A279D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A35E3 second address: 5A3605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FA198D66594h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A279D second address: 5A27A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A15CC second address: 5A1677 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA198D66588h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FA198D66588h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov di, 07B0h 0x0000002b push dword ptr fs:[00000000h] 0x00000032 mov dword ptr [ebp+122D1D89h], ebx 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f sbb bh, FFFFFFAEh 0x00000042 mov eax, dword ptr [ebp+122D0505h] 0x00000048 mov bx, A238h 0x0000004c mov dword ptr [ebp+122D3397h], ebx 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push eax 0x00000057 call 00007FA198D66588h 0x0000005c pop eax 0x0000005d mov dword ptr [esp+04h], eax 0x00000061 add dword ptr [esp+04h], 00000017h 0x00000069 inc eax 0x0000006a push eax 0x0000006b ret 0x0000006c pop eax 0x0000006d ret 0x0000006e sub edi, dword ptr [ebp+122D3A71h] 0x00000074 nop 0x00000075 pushad 0x00000076 pushad 0x00000077 push esi 0x00000078 pop esi 0x00000079 jmp 00007FA198D66594h 0x0000007e popad 0x0000007f push eax 0x00000080 push edx 0x00000081 jmp 00007FA198D66594h 0x00000086 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A4556 second address: 5A455A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A7ADE second address: 5A7AE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A6CA5 second address: 5A6CA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A8993 second address: 5A8A0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66590h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007FA198D6658Ch 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007FA198D66588h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 push 00000000h 0x00000033 mov di, 3898h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007FA198D66588h 0x00000041 pop edx 0x00000042 mov dword ptr [esp+04h], edx 0x00000046 add dword ptr [esp+04h], 00000018h 0x0000004e inc edx 0x0000004f push edx 0x00000050 ret 0x00000051 pop edx 0x00000052 ret 0x00000053 mov bx, 6060h 0x00000057 mov ebx, dword ptr [ebp+122D1CB6h] 0x0000005d mov edi, ebx 0x0000005f xchg eax, esi 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 push esi 0x00000065 pop esi 0x00000066 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A8A0F second address: 5A8A15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5A8A15 second address: 5A8A1A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5AB07E second address: 5AB084 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5AB084 second address: 5AB095 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5AB2BA second address: 5AB2C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5AEF22 second address: 5AEF82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FA198D66588h 0x0000000c popad 0x0000000d push eax 0x0000000e jbe 00007FA198D6658Ah 0x00000014 push eax 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop eax 0x00000018 nop 0x00000019 mov edi, dword ptr [ebp+122D3951h] 0x0000001f push 00000000h 0x00000021 mov dword ptr [ebp+122D1E16h], edi 0x00000027 push 00000000h 0x00000029 mov edi, dword ptr [ebp+122D287Fh] 0x0000002f jmp 00007FA198D6658Eh 0x00000034 xchg eax, esi 0x00000035 jmp 00007FA198D66595h 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d jp 00007FA198D66588h 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5AE114 second address: 5AE1B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D7887Dh 0x00000009 popad 0x0000000a nop 0x0000000b mov ebx, edx 0x0000000d mov edi, dword ptr [ebp+122D2A1Dh] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007FA198D78878h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 add dword ptr [ebp+122D1F7Dh], ebx 0x0000003a mov dword ptr [ebp+12456525h], ebx 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 push 00000000h 0x00000049 push edi 0x0000004a call 00007FA198D78878h 0x0000004f pop edi 0x00000050 mov dword ptr [esp+04h], edi 0x00000054 add dword ptr [esp+04h], 0000001Dh 0x0000005c inc edi 0x0000005d push edi 0x0000005e ret 0x0000005f pop edi 0x00000060 ret 0x00000061 jmp 00007FA198D7887Ch 0x00000066 mov eax, dword ptr [ebp+122D0A45h] 0x0000006c mov ebx, 2E415276h 0x00000071 push FFFFFFFFh 0x00000073 mov bx, 2975h 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a push eax 0x0000007b pushad 0x0000007c popad 0x0000007d pop eax 0x0000007e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5AE1B6 second address: 5AE1BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5B009D second address: 5B00A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5B00A1 second address: 5B0131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA198D66590h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007FA198D66588h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edi 0x0000002e call 00007FA198D66588h 0x00000033 pop edi 0x00000034 mov dword ptr [esp+04h], edi 0x00000038 add dword ptr [esp+04h], 00000016h 0x00000040 inc edi 0x00000041 push edi 0x00000042 ret 0x00000043 pop edi 0x00000044 ret 0x00000045 jmp 00007FA198D66594h 0x0000004a push 00000000h 0x0000004c mov dword ptr [ebp+122D20D4h], edi 0x00000052 xchg eax, esi 0x00000053 pushad 0x00000054 push ecx 0x00000055 jmp 00007FA198D6658Fh 0x0000005a pop ecx 0x0000005b pushad 0x0000005c pushad 0x0000005d popad 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5B02CB second address: 5B02D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5B8810 second address: 5B881B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5B881B second address: 5B8823 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5BD244 second address: 5BD248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5BD248 second address: 5BD24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5BD9CE second address: 5BD9EC instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA198D6658Ch 0x00000008 jnc 00007FA198D66586h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007FA198D66588h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5BDAE3 second address: 5BDAED instructions: 0x00000000 rdtsc 0x00000002 js 00007FA198D78876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5BDAED second address: 5BDB0C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA198D6658Fh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5BDB0C second address: 5BDB16 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA198D78876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5BDB16 second address: 5BDB33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA198D66599h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C4883 second address: 5C4888 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C4888 second address: 5C488E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C3D1F second address: 5C3D3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78884h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C3D3C second address: 5C3D9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jmp 00007FA198D6658Ch 0x0000000b pop edx 0x0000000c pushad 0x0000000d jmp 00007FA198D66595h 0x00000012 jmp 00007FA198D66597h 0x00000017 jne 00007FA198D66586h 0x0000001d push edx 0x0000001e pop edx 0x0000001f popad 0x00000020 popad 0x00000021 jnp 00007FA198D665A7h 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FA198D6658Fh 0x0000002e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C3D9D second address: 5C3DA7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA198D78876h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C407C second address: 5C4082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C4082 second address: 5C4086 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C4086 second address: 5C4094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FA198D6658Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C446B second address: 5C446F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C45EC second address: 5C45F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C45F0 second address: 5C45F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C45F4 second address: 5C45FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C4731 second address: 5C4737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C4737 second address: 5C473D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C9F6A second address: 5C9F74 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA198D78876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C9F74 second address: 5C9FB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66599h 0x00000007 jmp 00007FA198D66599h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007FA198D6659Ch 0x00000014 jbe 00007FA198D6658Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C9FB8 second address: 5C9FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8C26 second address: 5C8C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8C2C second address: 5C8C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8DBA second address: 5C8DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA198D6658Eh 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 jmp 00007FA198D6658Dh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8DDF second address: 5C8E05 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA198D78885h 0x0000000b ja 00007FA198D78878h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8F7A second address: 5C8F7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8F7E second address: 5C8FBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78884h 0x00000007 jmp 00007FA198D7887Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f jmp 00007FA198D78882h 0x00000014 jnp 00007FA198D78876h 0x0000001a pop ecx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C9267 second address: 5C926D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C9404 second address: 5C9432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA198D78882h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FA198D7887Ah 0x00000013 jmp 00007FA198D7887Bh 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8967 second address: 5C8971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5C8971 second address: 5C8987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D78880h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 591DF9 second address: 591DFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 591DFD second address: 591E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5922F5 second address: 592314 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D6658Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 jo 00007FA198D6658Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592314 second address: 3E3D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov ecx, dword ptr [ebp+122D397Dh] 0x0000000c push dword ptr [ebp+122D00E1h] 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007FA198D78878h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c mov ch, 23h 0x0000002e call dword ptr [ebp+122D281Bh] 0x00000034 pushad 0x00000035 mov dword ptr [ebp+122D1DBFh], edi 0x0000003b xor eax, eax 0x0000003d stc 0x0000003e mov edx, dword ptr [esp+28h] 0x00000042 jo 00007FA198D7887Eh 0x00000048 jns 00007FA198D78878h 0x0000004e mov dword ptr [ebp+122D3949h], eax 0x00000054 mov dword ptr [ebp+122D1DBFh], esi 0x0000005a mov esi, 0000003Ch 0x0000005f jc 00007FA198D7887Ch 0x00000065 add esi, dword ptr [esp+24h] 0x00000069 cmc 0x0000006a lodsw 0x0000006c jmp 00007FA198D78885h 0x00000071 add eax, dword ptr [esp+24h] 0x00000075 stc 0x00000076 mov ebx, dword ptr [esp+24h] 0x0000007a mov dword ptr [ebp+122D1DBFh], esi 0x00000080 push eax 0x00000081 pushad 0x00000082 jne 00007FA198D7887Ch 0x00000088 pushad 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5925E5 second address: 5925E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5927A7 second address: 5927AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592D48 second address: 592D56 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007FA198D66586h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592D56 second address: 592D5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592D5A second address: 592D69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592D69 second address: 592D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592D6F second address: 592DA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov eax, dword ptr [eax] 0x00000008 jg 00007FA198D665A1h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jng 00007FA198D66590h 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592E1E second address: 592E24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592E24 second address: 592E32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592E32 second address: 592E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592E36 second address: 592E3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592E3A second address: 592E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 cmc 0x00000009 lea eax, dword ptr [ebp+12481B4Ah] 0x0000000f jmp 00007FA198D78884h 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jne 00007FA198D7887Ch 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592E6C second address: 592EBC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA198D66588h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f xor edi, dword ptr [ebp+122D3B91h] 0x00000015 lea eax, dword ptr [ebp+12481B06h] 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007FA198D66588h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000018h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 mov di, 3FBBh 0x00000039 mov ecx, dword ptr [ebp+122D3A01h] 0x0000003f nop 0x00000040 push eax 0x00000041 push edx 0x00000042 push esi 0x00000043 jnl 00007FA198D66586h 0x00000049 pop esi 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592EBC second address: 592EE1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA198D7887Ch 0x00000008 jnp 00007FA198D78876h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA198D78881h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 592EE1 second address: 579D51 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push ecx 0x00000009 mov edx, dword ptr [ebp+122D3AC9h] 0x0000000f pop edx 0x00000010 call dword ptr [ebp+122D268Ah] 0x00000016 push eax 0x00000017 jl 00007FA198D66588h 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FA198D66590h 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D165C second address: 5D1668 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1668 second address: 5D1688 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D6658Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e jne 00007FA198D66586h 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1688 second address: 5D168E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D168E second address: 5D1695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1695 second address: 5D16AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FA198D78884h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1817 second address: 5D181B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D181B second address: 5D1821 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1968 second address: 5D196D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1AF9 second address: 5D1B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jne 00007FA198D78876h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1B05 second address: 5D1B3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66591h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA198D6658Bh 0x00000012 jmp 00007FA198D66591h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D1B3A second address: 5D1B4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78881h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D809A second address: 5D809E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6A9C second address: 5D6AA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6AA0 second address: 5D6AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6AA4 second address: 5D6AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6AB0 second address: 5D6AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6AB4 second address: 5D6AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA198D78881h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6AD0 second address: 5D6AD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6AD6 second address: 5D6AE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007FA198D78876h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6D7E second address: 5D6D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA198D66586h 0x0000000a jp 00007FA198D66586h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007FA198D66586h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6D97 second address: 5D6D9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D6F31 second address: 5D6F49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D6658Eh 0x00000007 jl 00007FA198D6658Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D736A second address: 5D7370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D7370 second address: 5D7381 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D6658Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D7381 second address: 5D738A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D765D second address: 5D7665 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D7665 second address: 5D7679 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA198D78886h 0x00000008 jmp 00007FA198D7887Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D77EC second address: 5D77F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D77F0 second address: 5D77F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D77F6 second address: 5D7806 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007FA198D66586h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D7806 second address: 5D780C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D780C second address: 5D7810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D7B08 second address: 5D7B18 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA198D78878h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5D7B18 second address: 5D7B26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA198D66586h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5DA7C3 second address: 5DA7D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jng 00007FA198D7887Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5DA7D0 second address: 5DA7D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5DA7D6 second address: 5DA7DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5DA7DC second address: 5DA7E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 55637C second address: 556386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 556386 second address: 556396 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA198D66586h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 556396 second address: 5563A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5563A0 second address: 5563A6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5563A6 second address: 5563B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5563B2 second address: 5563B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5DFC0F second address: 5DFC54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA198D7887Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 ja 00007FA198D78876h 0x00000016 pushad 0x00000017 popad 0x00000018 jng 00007FA198D78876h 0x0000001e popad 0x0000001f push ecx 0x00000020 jmp 00007FA198D78889h 0x00000025 jp 00007FA198D78876h 0x0000002b pop ecx 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5DFDBF second address: 5DFDDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D66597h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5DFDDA second address: 5DFE0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D7887Dh 0x00000007 jmp 00007FA198D7887Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FA198D78883h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E00B0 second address: 5E00F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA198D66586h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d ja 00007FA198D6658Eh 0x00000013 jne 00007FA198D665A4h 0x00000019 js 00007FA198D6658Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E23DD second address: 5E23E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E23E1 second address: 5E23EE instructions: 0x00000000 rdtsc 0x00000002 js 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E23EE second address: 5E23FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FA198D78876h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E23FB second address: 5E241A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA198D66595h 0x00000009 je 00007FA198D66586h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E6514 second address: 5E6518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E6518 second address: 5E6524 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jc 00007FA198D66586h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E6524 second address: 5E652A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E652A second address: 5E6530 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5B0D second address: 5E5B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5B17 second address: 5E5B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66592h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5B2F second address: 5E5B35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5B35 second address: 5E5B3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5B3F second address: 5E5B43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5B43 second address: 5E5B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D6658Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FA198D6658Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA198D66595h 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5B7F second address: 5E5B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5D32 second address: 5E5D40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5D40 second address: 5E5D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5E5D48 second address: 5E5D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D66599h 0x00000009 pop ebx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EAE60 second address: 5EAE7A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FA198D7887Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EAE7A second address: 5EAE7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EAE7E second address: 5EAEAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 jp 00007FA198D788BAh 0x0000000f jmp 00007FA198D78887h 0x00000014 push eax 0x00000015 push edx 0x00000016 js 00007FA198D78876h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EAEAE second address: 5EAEB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EB028 second address: 5EB03C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 jmp 00007FA198D7887Ch 0x0000000c pop edi 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EB03C second address: 5EB041 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EB041 second address: 5EB06D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop esi 0x00000007 je 00007FA198D78883h 0x0000000d jmp 00007FA198D7887Dh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FA198D7887Eh 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5EB1D4 second address: 5EB1DE instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F11C3 second address: 5F11FB instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA198D7887Eh 0x00000008 jmp 00007FA198D7887Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop edi 0x00000015 js 00007FA198D78882h 0x0000001b jbe 00007FA198D78876h 0x00000021 jnc 00007FA198D78876h 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F00C5 second address: 5F00C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F037F second address: 5F03AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D78882h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA198D78881h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F03AA second address: 5F03AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F81C4 second address: 5F81E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA198D78880h 0x00000008 jmp 00007FA198D7887Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F81E3 second address: 5F81E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F8B96 second address: 5F8B9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F8B9C second address: 5F8BA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F94A7 second address: 5F94B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F94B0 second address: 5F94B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F94B6 second address: 5F94BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F94BC second address: 5F94C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F97C7 second address: 5F97CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F97CD second address: 5F97D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5F97D1 second address: 5F97F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a js 00007FA198D78876h 0x00000010 jmp 00007FA198D7887Ah 0x00000015 pop edx 0x00000016 jns 00007FA198D7887Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5FE899 second address: 5FE8BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FA198D66586h 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007FA198D66590h 0x00000012 popad 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5FE8BA second address: 5FE90A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push esi 0x00000009 jc 00007FA198D78876h 0x0000000f jmp 00007FA198D7887Fh 0x00000014 pop esi 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007FA198D7887Ah 0x0000001d jmp 00007FA198D78884h 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FA198D7887Bh 0x0000002a push edi 0x0000002b pop edi 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5FE90A second address: 5FE916 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5FE916 second address: 5FE91A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 5FE91A second address: 5FE91E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 601AD8 second address: 601AE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 601AE5 second address: 601AEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 601AEB second address: 601B08 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA198D78876h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jno 00007FA198D7887Ah 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 601B08 second address: 601B10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 601B10 second address: 601B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 601C93 second address: 601CEE instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA198D66586h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FA198D66599h 0x00000011 je 00007FA198D66595h 0x00000017 jmp 00007FA198D6658Fh 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jng 00007FA198D6659Ah 0x00000025 jmp 00007FA198D66594h 0x0000002a push edx 0x0000002b push eax 0x0000002c pop eax 0x0000002d pop edx 0x0000002e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 601CEE second address: 601CFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA198D7887Bh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 60225C second address: 60226A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA198D66586h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 60226A second address: 60226F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 609DE8 second address: 609E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jmp 00007FA198D66599h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 609F56 second address: 609F6F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA198D78876h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FA198D7887Ah 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 609F6F second address: 609F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA198D66586h 0x0000000a pop esi 0x0000000b popad 0x0000000c jo 00007FA198D6658Eh 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 60A3A8 second address: 60A3D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jc 00007FA198D78876h 0x0000000c pop ecx 0x0000000d pop esi 0x0000000e jbe 00007FA198D7889Eh 0x00000014 jp 00007FA198D7887Eh 0x0000001a pushad 0x0000001b jns 00007FA198D78876h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 60A3D3 second address: 60A3D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 60AE2E second address: 60AE37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 60AE37 second address: 60AE42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 60AE42 second address: 60AE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 jmp 00007FA198D78880h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007FA198D78876h 0x00000014 jmp 00007FA198D78880h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6094D1 second address: 6094D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6094D5 second address: 6094E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FA198D78888h 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6123E7 second address: 6123FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA198D6658Ch 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6123FB second address: 612404 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 621343 second address: 62137F instructions: 0x00000000 rdtsc 0x00000002 je 00007FA198D66586h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA198D66599h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA198D66594h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 62137F second address: 621392 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D7887Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6240D3 second address: 6240DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 623C67 second address: 623C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA198D78886h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6259E6 second address: 6259FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jl 00007FA198D6658Ah 0x0000000b push eax 0x0000000c pop eax 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6259FB second address: 625A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FA198D78876h 0x0000000a pop ebx 0x0000000b jmp 00007FA198D7887Dh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 625A13 second address: 625A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA198D6658Bh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 625A25 second address: 625A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FA198D78876h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 627015 second address: 62703F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66591h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA198D66595h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 62E4FC second address: 62E503 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63674C second address: 63676F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D66595h 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d jns 00007FA198D66586h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63676F second address: 636788 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78885h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 636788 second address: 636797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007FA198D66586h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63DAFF second address: 63DB09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63DB09 second address: 63DB42 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FA198D6658Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f jnl 00007FA198D66586h 0x00000015 pop eax 0x00000016 push esi 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pushad 0x0000001a popad 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FA198D66593h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63DB42 second address: 63DB46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63DB46 second address: 63DB50 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA198D66586h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63C502 second address: 63C53F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA198D78889h 0x0000000b pushad 0x0000000c jmp 00007FA198D7887Dh 0x00000011 jg 00007FA198D78876h 0x00000017 jbe 00007FA198D78876h 0x0000001d popad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63C7DF second address: 63C7EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 jne 00007FA198D665ADh 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63C7EE second address: 63C7F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63CCF7 second address: 63CCFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63CCFB second address: 63CD23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D78883h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop edx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 je 00007FA198D78878h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63CD23 second address: 63CD2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA198D66586h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 63D830 second address: 63D85D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 popad 0x0000000a jmp 00007FA198D78887h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jne 00007FA198D78893h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6416AE second address: 6416BE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007FA198D66586h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6416BE second address: 6416C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 64120A second address: 641217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jnc 00007FA198D66586h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 641383 second address: 641387 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 64EF42 second address: 64EF48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 64EF48 second address: 64EF4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 653D7B second address: 653D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67B48F second address: 67B4A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FA198D7887Ch 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67B4A6 second address: 67B4AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67B4AB second address: 67B4B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA198D78876h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67B75A second address: 67B775 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA198D6658Ch 0x0000000c jng 00007FA198D66586h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67BEAD second address: 67BECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA198D78880h 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push edi 0x0000000c jg 00007FA198D7887Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67ED14 second address: 67ED1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67ED1A second address: 67ED3A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jp 00007FA198D78883h 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67EF98 second address: 67EF9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67EF9D second address: 67EFAC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 67EFAC second address: 67EFB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA198D66586h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6803F5 second address: 680407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FA198D7887Dh 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 680407 second address: 68040D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 681FE0 second address: 681FF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007FA198D78882h 0x0000000d jg 00007FA198D78876h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 681BC0 second address: 681BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 681BC7 second address: 681BCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 51B0D35 second address: 51B0D3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 51B0D3B second address: 51B0D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 51B0D3F second address: 51B0D9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA198D66593h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d pushad 0x0000000e mov ax, FCDBh 0x00000012 pushfd 0x00000013 jmp 00007FA198D66590h 0x00000018 adc si, CAA8h 0x0000001d jmp 00007FA198D6658Bh 0x00000022 popfd 0x00000023 popad 0x00000024 je 00007FA2097AC563h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FA198D66595h 0x00000031 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 596116 second address: 59611B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |