Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A2FF4 second address: 11A2FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A2FF8 second address: 11A3013 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F91h 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007EFFACBF2F86h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A3013 second address: 11A3017 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A22A6 second address: 11A22B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A22B0 second address: 11A22B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A2723 second address: 11A2757 instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFFACBF2F8Ch 0x00000008 push edi 0x00000009 jmp 00007EFFACBF2F98h 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edi 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A2757 second address: 11A276F instructions: 0x00000000 rdtsc 0x00000002 jne 00007EFFAC79DCC6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007EFFAC79DCCAh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A276F second address: 11A2775 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A2775 second address: 11A277B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A579F second address: 11A57A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A57A4 second address: 11A57E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b jmp 00007EFFAC79DCD8h 0x00000010 pop esi 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jc 00007EFFAC79DCD4h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A57E3 second address: 11A57F5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007EFFACBF2F86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop ecx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A57F5 second address: 11A5819 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007EFFAC79DCD6h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5819 second address: 102ED9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov ecx, ebx 0x0000000c push dword ptr [ebp+122D06C9h] 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007EFFACBF2F88h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c or cl, FFFFFFE1h 0x0000002f call dword ptr [ebp+122D26F6h] 0x00000035 pushad 0x00000036 jmp 00007EFFACBF2F8Ch 0x0000003b xor eax, eax 0x0000003d mov dword ptr [ebp+122D2558h], ebx 0x00000043 mov edx, dword ptr [esp+28h] 0x00000047 sub dword ptr [ebp+122D2558h], ecx 0x0000004d mov dword ptr [ebp+122D2D6Fh], eax 0x00000053 stc 0x00000054 mov esi, 0000003Ch 0x00000059 jmp 00007EFFACBF2F99h 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 js 00007EFFACBF2F98h 0x00000068 jmp 00007EFFACBF2F92h 0x0000006d lodsw 0x0000006f mov dword ptr [ebp+122D2558h], eax 0x00000075 add eax, dword ptr [esp+24h] 0x00000079 jmp 00007EFFACBF2F96h 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 mov dword ptr [ebp+122D2A76h], ebx 0x00000088 push eax 0x00000089 push eax 0x0000008a push edx 0x0000008b jc 00007EFFACBF2F88h 0x00000091 pushad 0x00000092 popad 0x00000093 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A587B second address: 11A5880 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5880 second address: 11A5890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5890 second address: 11A58B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a stc 0x0000000b push 00000000h 0x0000000d mov edx, 551D85EBh 0x00000012 push B7DF818Bh 0x00000017 push ebx 0x00000018 ja 00007EFFAC79DCCCh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A58B7 second address: 11A595D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 add dword ptr [esp], 48207EF5h 0x0000000c mov si, dx 0x0000000f mov edi, dword ptr [ebp+122D1C0Ch] 0x00000015 push 00000003h 0x00000017 sub dword ptr [ebp+122D3852h], edi 0x0000001d push 00000000h 0x0000001f movzx edx, cx 0x00000022 push 00000003h 0x00000024 push 00000000h 0x00000026 push ebx 0x00000027 call 00007EFFACBF2F88h 0x0000002c pop ebx 0x0000002d mov dword ptr [esp+04h], ebx 0x00000031 add dword ptr [esp+04h], 0000001Ah 0x00000039 inc ebx 0x0000003a push ebx 0x0000003b ret 0x0000003c pop ebx 0x0000003d ret 0x0000003e mov dword ptr [ebp+122D1BFFh], edx 0x00000044 mov ecx, dword ptr [ebp+122D2DC7h] 0x0000004a push 9E19B35Eh 0x0000004f jg 00007EFFACBF2F9Fh 0x00000055 add dword ptr [esp], 21E64CA2h 0x0000005c or ecx, dword ptr [ebp+122D26E1h] 0x00000062 lea ebx, dword ptr [ebp+1244A6A4h] 0x00000068 jbe 00007EFFACBF2F8Ch 0x0000006e mov ecx, dword ptr [ebp+122D2DC7h] 0x00000074 add dl, 00000029h 0x00000077 xchg eax, ebx 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007EFFACBF2F8Bh 0x0000007f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A595D second address: 11A599B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFFAC79DCCBh 0x00000008 jmp 00007EFFAC79DCD2h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007EFFAC79DCD0h 0x00000018 push edi 0x00000019 pop edi 0x0000001a popad 0x0000001b pushad 0x0000001c push esi 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5A7A second address: 11A5A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5A7E second address: 11A5AD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d xor dword ptr [esp], 093B9BD5h 0x00000014 push esi 0x00000015 clc 0x00000016 pop esi 0x00000017 adc dh, FFFFFFB2h 0x0000001a push 00000003h 0x0000001c push eax 0x0000001d mov edx, dword ptr [ebp+122D1C0Ch] 0x00000023 pop edx 0x00000024 push 00000000h 0x00000026 call 00007EFFAC79DCCEh 0x0000002b jmp 00007EFFAC79DCCEh 0x00000030 pop ecx 0x00000031 push 00000003h 0x00000033 push A19EF54Ch 0x00000038 push eax 0x00000039 push edx 0x0000003a jnl 00007EFFAC79DCC8h 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5AD2 second address: 11A5ADC instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFFACBF2F8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5ADC second address: 11A5B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 619EF54Ch 0x0000000d mov dword ptr [ebp+122D1BE8h], ecx 0x00000013 lea ebx, dword ptr [ebp+1244A6ADh] 0x00000019 mov dword ptr [ebp+122D343Bh], ebx 0x0000001f mov edx, dword ptr [ebp+122D2BDFh] 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007EFFAC79DCD3h 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5B17 second address: 11A5B21 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFFACBF2F8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5BCD second address: 11A5C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 add dword ptr [esp], 0DADA6F8h 0x0000000f mov dx, FA4Bh 0x00000013 push 00000003h 0x00000015 mov cx, 7480h 0x00000019 push 00000000h 0x0000001b add edx, dword ptr [ebp+122D2B43h] 0x00000021 push 00000003h 0x00000023 push edi 0x00000024 mov dword ptr [ebp+122D1BD7h], ecx 0x0000002a pop esi 0x0000002b push ACFD08BFh 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007EFFAC79DCD5h 0x00000038 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11A5C15 second address: 11A5C19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11B74BB second address: 11B74C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4463 second address: 11C4470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007EFFACBF2F86h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4470 second address: 11C44A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD4h 0x00000007 jl 00007EFFAC79DCC6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007EFFAC79DCD0h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4622 second address: 11C4627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4627 second address: 11C4664 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD2h 0x00000007 jmp 00007EFFAC79DCCFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jnp 00007EFFAC79DCFBh 0x00000014 jno 00007EFFAC79DCCCh 0x0000001a push eax 0x0000001b push edx 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C47DD second address: 11C47FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F94h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4959 second address: 11C495E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4BBD second address: 11C4BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4D31 second address: 11C4D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4D37 second address: 11C4D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007EFFACBF2F86h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4D49 second address: 11C4D7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007EFFAC79DCC6h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007EFFAC79DCCBh 0x00000017 popad 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4D7B second address: 11C4D96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007EFFACBF2F86h 0x0000000a jmp 00007EFFACBF2F91h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C4F03 second address: 11C4F2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c jmp 00007EFFAC79DCD4h 0x00000011 pop edi 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C50C8 second address: 11C50E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFACBF2F92h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C50E3 second address: 11C50E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C526E second address: 11C527C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007EFFACBF2F86h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C5606 second address: 11C5629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007EFFAC79DCD7h 0x00000010 pop ecx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11BAA14 second address: 11BAA19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C5794 second address: 11C579A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C579A second address: 11C57A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C5DB3 second address: 11C5DB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C64B5 second address: 11C64CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 js 00007EFFACBF2FA8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 ja 00007EFFACBF2F86h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C96F0 second address: 11C96F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C96F5 second address: 11C9707 instructions: 0x00000000 rdtsc 0x00000002 jne 00007EFFACBF2F88h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C9707 second address: 11C970B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11C970B second address: 11C970F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11CB885 second address: 11CB8A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD9h 0x00000007 jng 00007EFFAC79DCCEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D0793 second address: 11D0797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11CFF35 second address: 11CFF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11CFF3E second address: 11CFF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11CFF42 second address: 11CFF46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D0371 second address: 11D0377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D3B6B second address: 11D3B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D3C70 second address: 11D3C95 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFACBF2F99h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D46C6 second address: 11D4715 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007EFFAC79DCC6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebx 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007EFFAC79DCC8h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 jo 00007EFFAC79DCC6h 0x0000002f jmp 00007EFFAC79DCD5h 0x00000034 nop 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push ecx 0x0000003a pop ecx 0x0000003b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D4715 second address: 11D471F instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFFACBF2F86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D49C9 second address: 11D49CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D49CE second address: 11D49D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007EFFACBF2F86h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D66C5 second address: 11D6748 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFFAC79DCCCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007EFFAC79DCD7h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007EFFAC79DCC8h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d clc 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007EFFAC79DCC8h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 0000001Ch 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a sub dword ptr [ebp+122D33A2h], eax 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D6748 second address: 11D6753 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007EFFACBF2F86h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D7A61 second address: 11D7A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D7A65 second address: 11D7A7E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFACBF2F8Dh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D7A7E second address: 11D7A92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D8E5A second address: 11D8E71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFACBF2F93h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D7A92 second address: 11D7AA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFAC79DCD1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D97F7 second address: 11D97FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D97FE second address: 11D982C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c mov si, C8CCh 0x00000010 call 00007EFFAC79DCD0h 0x00000015 pop edi 0x00000016 push 00000000h 0x00000018 xchg eax, ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b je 00007EFFAC79DCCCh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D982C second address: 11D9830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D9830 second address: 11D9851 instructions: 0x00000000 rdtsc 0x00000002 je 00007EFFAC79DCC8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jmp 00007EFFAC79DCD0h 0x00000015 pop eax 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D9851 second address: 11D9857 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DA328 second address: 11DA32E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DA32E second address: 11DA3B1 instructions: 0x00000000 rdtsc 0x00000002 jno 00007EFFACBF2F86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007EFFACBF2F88h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov esi, dword ptr [ebp+122D1F50h] 0x0000002d push 00000000h 0x0000002f mov edi, 2294E5A2h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edi 0x00000039 call 00007EFFACBF2F88h 0x0000003e pop edi 0x0000003f mov dword ptr [esp+04h], edi 0x00000043 add dword ptr [esp+04h], 0000001Ch 0x0000004b inc edi 0x0000004c push edi 0x0000004d ret 0x0000004e pop edi 0x0000004f ret 0x00000050 mov esi, dword ptr [ebp+122D27FEh] 0x00000056 mov dword ptr [ebp+122D23A6h], eax 0x0000005c xchg eax, ebx 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007EFFACBF2F90h 0x00000064 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DB881 second address: 11DB885 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DB885 second address: 11DB8DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007EFFACBF2F8Fh 0x0000000e push esi 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop esi 0x00000012 popad 0x00000013 nop 0x00000014 mov si, 624Eh 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007EFFACBF2F88h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 jo 00007EFFACBF2F8Eh 0x0000003a push edx 0x0000003b mov esi, dword ptr [ebp+122D2CE7h] 0x00000041 pop esi 0x00000042 push 00000000h 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 push eax 0x00000049 pop eax 0x0000004a pushad 0x0000004b popad 0x0000004c popad 0x0000004d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DD85A second address: 11DD891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007EFFAC79DCCAh 0x0000000b push esi 0x0000000c pop esi 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 jmp 00007EFFAC79DCCAh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007EFFAC79DCD6h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DD891 second address: 11DD897 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DD897 second address: 11DD8B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007EFFAC79DCC6h 0x00000012 jne 00007EFFAC79DCC6h 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DD8B0 second address: 11DD8C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007EFFACBF2F8Fh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DB643 second address: 11DB647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DFE5B second address: 11DFE5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11DFE5F second address: 11DFE63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E0F09 second address: 11E0F0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E5022 second address: 11E5028 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E5028 second address: 11E5090 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F95h 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 jp 00007EFFACBF2FB5h 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c jmp 00007EFFACBF2F8Dh 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E5090 second address: 11E5094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E3166 second address: 11E316C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E316C second address: 11E3172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E3172 second address: 11E318E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007EFFACBF2F91h 0x00000011 jmp 00007EFFACBF2F8Bh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E5835 second address: 11E583B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E77D6 second address: 11E783E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F93h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+12446C37h], eax 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+1245BEBFh], ecx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007EFFACBF2F88h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 0000001Bh 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007EFFACBF2F97h 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11E8A13 second address: 11E8A1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11EB93A second address: 11EB96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D1BE0h] 0x0000000f push 00000000h 0x00000011 mov edi, dword ptr [ebp+122D2BE7h] 0x00000017 push 00000000h 0x00000019 jns 00007EFFACBF2F95h 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11EB96F second address: 11EB989 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11ECAA0 second address: 11ECAB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFACBF2F8Dh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11EBC3F second address: 11EBC4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11EBC4A second address: 11EBC50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11ECBCC second address: 11ECBF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007EFFAC79DCD2h 0x00000010 je 00007EFFAC79DCCCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11EDB9B second address: 11EDB9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11EDC5F second address: 11EDC65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11EDC65 second address: 11EDC6F instructions: 0x00000000 rdtsc 0x00000002 je 00007EFFACBF2F8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11F4191 second address: 11F419A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11F2254 second address: 11F2258 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11F7C82 second address: 11F7C9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11F7C9E second address: 11F7CAC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11F7CAC second address: 11F7CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11F9273 second address: 11F9277 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11FD8C3 second address: 11FD8F5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007EFFAC79DCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push edx 0x0000000c jmp 00007EFFAC79DCCCh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007EFFAC79DCD6h 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 118DDB3 second address: 118DDB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1202929 second address: 120294F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007EFFAC79DCD9h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 120294F second address: 120296E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFFACBF2F8Dh 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 120296E second address: 1202972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1202972 second address: 1202987 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1202987 second address: 12029AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007EFFAC79DCD8h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12029AE second address: 12029B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1202AC9 second address: 1202AE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 119B44A second address: 119B454 instructions: 0x00000000 rdtsc 0x00000002 jl 00007EFFACBF2F8Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 119B454 second address: 119B45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1207DCB second address: 1207E02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007EFFACBF2F86h 0x0000000a jg 00007EFFACBF2F86h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007EFFACBF2F8Ah 0x00000017 jmp 00007EFFACBF2F94h 0x0000001c je 00007EFFACBF2F86h 0x00000022 popad 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1208226 second address: 1208243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007EFFAC79DCCEh 0x0000000a pushad 0x0000000b je 00007EFFAC79DCC6h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1208243 second address: 120824D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 120824D second address: 1208256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1208256 second address: 120825C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D243D second address: 11BAA14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jno 00007EFFAC79DCC6h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 popad 0x00000014 mov dword ptr [esp], eax 0x00000017 movzx edx, dx 0x0000001a lea eax, dword ptr [ebp+124771FDh] 0x00000020 mov dl, cl 0x00000022 push eax 0x00000023 pushad 0x00000024 jmp 00007EFFAC79DCD7h 0x00000029 push edx 0x0000002a push edx 0x0000002b pop edx 0x0000002c pop edx 0x0000002d popad 0x0000002e mov dword ptr [esp], eax 0x00000031 adc dx, 056Eh 0x00000036 call dword ptr [ebp+122D23F1h] 0x0000003c jmp 00007EFFAC79DCD3h 0x00000041 push eax 0x00000042 push edx 0x00000043 push ebx 0x00000044 jo 00007EFFAC79DCC6h 0x0000004a pushad 0x0000004b popad 0x0000004c pop ebx 0x0000004d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D254D second address: 11D2553 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2553 second address: 11D2557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2557 second address: 11D255B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2A35 second address: 102ED9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d popad 0x0000000e nop 0x0000000f jno 00007EFFAC79DCCCh 0x00000015 push dword ptr [ebp+122D06C9h] 0x0000001b push ecx 0x0000001c add dword ptr [ebp+122D1BF2h], esi 0x00000022 pop ecx 0x00000023 call dword ptr [ebp+122D26F6h] 0x00000029 pushad 0x0000002a jmp 00007EFFAC79DCCCh 0x0000002f xor eax, eax 0x00000031 mov dword ptr [ebp+122D2558h], ebx 0x00000037 mov edx, dword ptr [esp+28h] 0x0000003b sub dword ptr [ebp+122D2558h], ecx 0x00000041 mov dword ptr [ebp+122D2D6Fh], eax 0x00000047 stc 0x00000048 mov esi, 0000003Ch 0x0000004d jmp 00007EFFAC79DCD9h 0x00000052 add esi, dword ptr [esp+24h] 0x00000056 js 00007EFFAC79DCD8h 0x0000005c jmp 00007EFFAC79DCD2h 0x00000061 lodsw 0x00000063 mov dword ptr [ebp+122D2558h], eax 0x00000069 add eax, dword ptr [esp+24h] 0x0000006d jmp 00007EFFAC79DCD6h 0x00000072 mov ebx, dword ptr [esp+24h] 0x00000076 mov dword ptr [ebp+122D2A76h], ebx 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f jc 00007EFFAC79DCC8h 0x00000085 pushad 0x00000086 popad 0x00000087 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2AE1 second address: 11D2AE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2AE5 second address: 11D2AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007EFFAC79DCC8h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2AF9 second address: 11D2AFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2AFE second address: 11D2B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCD8h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007EFFAC79DCD9h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2B3E second address: 11D2B8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop eax 0x00000013 pop ecx 0x00000014 pop eax 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007EFFACBF2F88h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f xor edi, dword ptr [ebp+122D2C4Bh] 0x00000035 push 65585B3Dh 0x0000003a push eax 0x0000003b push edx 0x0000003c push esi 0x0000003d jmp 00007EFFACBF2F8Dh 0x00000042 pop esi 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2B8C second address: 11D2B92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2CA6 second address: 11D2CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov ebx, ecx 0x0000000c popad 0x0000000d nop 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007EFFACBF2F8Eh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2CC4 second address: 11D2CCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2CCA second address: 11D2CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2CCE second address: 11D2CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007EFFAC79DCCCh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2CE5 second address: 11D2CEA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2E4A second address: 11D2E4F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D2FCD second address: 11D2FD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D338F second address: 11D3395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D3395 second address: 11D3399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D3399 second address: 11D339D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D339D second address: 11D3404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007EFFACBF2F88h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 pushad 0x00000026 je 00007EFFACBF2F8Ch 0x0000002c add ebx, dword ptr [ebp+122D332Bh] 0x00000032 adc edx, 3A446026h 0x00000038 popad 0x00000039 push 0000001Eh 0x0000003b push 00000000h 0x0000003d push edx 0x0000003e call 00007EFFACBF2F88h 0x00000043 pop edx 0x00000044 mov dword ptr [esp+04h], edx 0x00000048 add dword ptr [esp+04h], 00000018h 0x00000050 inc edx 0x00000051 push edx 0x00000052 ret 0x00000053 pop edx 0x00000054 ret 0x00000055 mov di, 6B4Ah 0x00000059 nop 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d push ecx 0x0000005e pop ecx 0x0000005f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11D3404 second address: 11D3439 instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFFAC79DCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007EFFAC79DCDFh 0x00000010 popad 0x00000011 push eax 0x00000012 jl 00007EFFAC79DCD0h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11BB4BA second address: 11BB4C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12105DA second address: 12105DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12105DE second address: 12105E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1210844 second address: 121084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121084A second address: 121085B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007EFFACBF2F86h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121085B second address: 1210860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121575D second address: 121577D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007EFFACBF2F86h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ebx 0x0000000e jmp 00007EFFACBF2F8Ah 0x00000013 push esi 0x00000014 pop esi 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121577D second address: 1215792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCD0h 0x00000009 pop edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1215904 second address: 1215921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFACBF2F98h 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1215921 second address: 121592B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007EFFAC79DCC6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1215DC7 second address: 1215DCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1215F1E second address: 1215F23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1215F23 second address: 1215F2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jg 00007EFFACBF2F86h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1216234 second address: 1216251 instructions: 0x00000000 rdtsc 0x00000002 jns 00007EFFAC79DCC6h 0x00000008 jmp 00007EFFAC79DCD3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1216251 second address: 1216298 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F96h 0x00000007 pushad 0x00000008 jnp 00007EFFACBF2F86h 0x0000000e jmp 00007EFFACBF2F97h 0x00000013 jmp 00007EFFACBF2F8Fh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12163DE second address: 12163E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1216983 second address: 121699E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFFACBF2F96h 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12151ED second address: 12151F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12151F6 second address: 12151FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12151FC second address: 1215229 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007EFFAC79DCD9h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121C62B second address: 121C632 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 118A7DC second address: 118A7FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCD2h 0x00000009 jng 00007EFFAC79DCC6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 118A7FD second address: 118A801 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 118A801 second address: 118A81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007EFFAC79DCCDh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121B489 second address: 121B4A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F8Bh 0x00000007 jns 00007EFFACBF2F86h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 jo 00007EFFACBF2F86h 0x00000016 pop edi 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121B4A6 second address: 121B4E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007EFFAC79DCD9h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007EFFAC79DCD2h 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121BAA2 second address: 121BAAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121BAAF second address: 121BAB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121BAB4 second address: 121BAB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121BAB9 second address: 121BACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007EFFAC79DCC6h 0x0000000a jp 00007EFFAC79DCC6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121B033 second address: 121B03B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121B03B second address: 121B079 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD3h 0x00000007 jo 00007EFFAC79DCC8h 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jno 00007EFFAC79DCDBh 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121B079 second address: 121B085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007EFFACBF2F86h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121B085 second address: 121B08F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121C07D second address: 121C081 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 121C350 second address: 121C36F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCD7h 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1223DE3 second address: 1223DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1224241 second address: 1224247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1224247 second address: 122424B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122424B second address: 1224254 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1224254 second address: 1224263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007EFFACBF2F86h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1224263 second address: 1224297 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007EFFAC79DCC6h 0x00000013 jmp 00007EFFAC79DCD4h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1224297 second address: 122429D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 11872CB second address: 11872D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12265FE second address: 1226645 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F95h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007EFFACBF2F92h 0x0000000f jmp 00007EFFACBF2F99h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1226645 second address: 122664A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122664A second address: 122666D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007EFFACBF2F97h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122666D second address: 1226671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122AE7C second address: 122AE84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122AFF4 second address: 122AFF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EB1A second address: 122EB3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007EFFACBF2F99h 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EB3D second address: 122EB60 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFAC79DCD1h 0x00000011 je 00007EFFAC79DCC6h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EB60 second address: 122EB74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007EFFACBF2F8Ch 0x0000000e jbe 00007EFFACBF2F86h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EB74 second address: 122EB87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCEh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EB87 second address: 122EB8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EF5E second address: 122EF70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007EFFAC79DCCBh 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EF70 second address: 122EF76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EF76 second address: 122EF7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 122EF7C second address: 122EF83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1234C11 second address: 1234C17 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1234C17 second address: 1234C2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007EFFACBF2F8Ah 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop edi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12337DF second address: 1233818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jnp 00007EFFAC79DCC6h 0x0000000c pop edi 0x0000000d jmp 00007EFFAC79DCD2h 0x00000012 jmp 00007EFFAC79DCD4h 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233818 second address: 123381C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123381C second address: 1233836 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFFAC79DCC6h 0x00000008 jo 00007EFFAC79DCC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123398F second address: 1233995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233995 second address: 123399C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123399C second address: 12339A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12339A2 second address: 12339A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233B15 second address: 1233B19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233B19 second address: 1233B1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233B1D second address: 1233B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233C3E second address: 1233C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCD8h 0x00000009 popad 0x0000000a jmp 00007EFFAC79DCCFh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007EFFAC79DCD2h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233DBA second address: 1233DCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F90h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233F22 second address: 1233F2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007EFFAC79DCC6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1233F2F second address: 1233F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007EFFACBF2F8Ah 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007EFFACBF2F92h 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007EFFACBF2F8Dh 0x0000001d js 00007EFFACBF2F86h 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123B3C1 second address: 123B3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123BCB9 second address: 123BCBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123BCBF second address: 123BCD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFAC79DCD4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123BCD7 second address: 123BCE2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123C2D9 second address: 123C2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCD0h 0x00000009 popad 0x0000000a jo 00007EFFAC79DCCCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123C878 second address: 123C88C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFACBF2F8Fh 0x00000009 pop edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 123CB88 second address: 123CB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1240BD0 second address: 1240BD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1240047 second address: 1240056 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007EFFAC79DCC6h 0x0000000b pop edi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1240351 second address: 1240372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFACBF2F97h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1240372 second address: 1240379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124063B second address: 1240646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1240646 second address: 124064A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124064A second address: 1240650 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124BE4A second address: 124BE64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCD3h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124C3DF second address: 124C3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007EFFACBF2F86h 0x0000000a jl 00007EFFACBF2F86h 0x00000010 popad 0x00000011 pushad 0x00000012 je 00007EFFACBF2F86h 0x00000018 push edi 0x00000019 pop edi 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124C3FF second address: 124C41A instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFFAC79DCC6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007EFFAC79DCCDh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124D8F8 second address: 124D913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007EFFACBF2F86h 0x0000000a popad 0x0000000b jg 00007EFFACBF2F88h 0x00000011 pushad 0x00000012 popad 0x00000013 jg 00007EFFACBF2F96h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124D913 second address: 124D93C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCCAh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007EFFAC79DCD6h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124D93C second address: 124D946 instructions: 0x00000000 rdtsc 0x00000002 jg 00007EFFACBF2F86h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124D946 second address: 124D94C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124D94C second address: 124D954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124D954 second address: 124D958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124B872 second address: 124B876 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 124B876 second address: 124B87C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1253B88 second address: 1253B8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1253B8C second address: 1253B94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1253B94 second address: 1253B9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1253B9A second address: 1253BA9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFFAC79DCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1259EF0 second address: 1259EF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 125B4FF second address: 125B51B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007EFFAC79DCC6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d jmp 00007EFFAC79DCCBh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 125B51B second address: 125B51F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 125B51F second address: 125B54A instructions: 0x00000000 rdtsc 0x00000002 ja 00007EFFAC79DCC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFAC79DCD9h 0x00000011 jbe 00007EFFAC79DCC6h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12631B9 second address: 12631BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1267113 second address: 126714A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD0h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007EFFAC79DCD3h 0x00000012 jmp 00007EFFAC79DCCCh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1266CE4 second address: 1266CEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1266CEC second address: 1266CF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1266CF0 second address: 1266CF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1266CF4 second address: 1266D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jnp 00007EFFAC79DCC6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1266D07 second address: 1266D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007EFFACBF2F88h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1269EE0 second address: 1269EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007EFFAC79DCC6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1269EF1 second address: 1269EF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 127330A second address: 1273310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1278FA5 second address: 1278FA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1278FA9 second address: 1278FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1278FAF second address: 1278FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFACBF2F8Fh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282D66 second address: 1282D87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282D87 second address: 1282D8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282D8B second address: 1282D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282D91 second address: 1282D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282D97 second address: 1282DA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 jno 00007EFFAC79DCC6h 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282EE7 second address: 1282EED instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282EED second address: 1282F28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 je 00007EFFAC79DCC6h 0x0000000f jne 00007EFFAC79DCC6h 0x00000015 popad 0x00000016 jmp 00007EFFAC79DCD6h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jng 00007EFFAC79DCCCh 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1282F28 second address: 1282F33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007EFFACBF2F86h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1283064 second address: 1283080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007EFFAC79DCCFh 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12831EC second address: 12831FC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007EFFACBF2F86h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 128334F second address: 1283363 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFFAC79DCC6h 0x00000008 js 00007EFFAC79DCC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1283363 second address: 1283369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1283369 second address: 128339E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFFAC79DCC6h 0x00000008 jmp 00007EFFAC79DCD8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 popad 0x00000016 push ebx 0x00000017 pushad 0x00000018 push eax 0x00000019 pop eax 0x0000001a jnp 00007EFFAC79DCC6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12834DD second address: 12834E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007EFFACBF2F86h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12834E8 second address: 12834F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007EFFAC79DCC6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1284081 second address: 12840B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F99h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007EFFACBF2F92h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12840B0 second address: 128410B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007EFFAC79DCCEh 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007EFFAC79DCD7h 0x0000001a popad 0x0000001b jmp 00007EFFAC79DCD8h 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 128410B second address: 1284110 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1289B9A second address: 1289BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFFAC79DCCCh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1289BAA second address: 1289BB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 1297BCE second address: 1297BDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007EFFAC79DCE3h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12A953F second address: 12A9558 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F8Ch 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a je 00007EFFACBF2F86h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12A969E second address: 12A96A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C20E3 second address: 12C20FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007EFFACBF2F8Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C20FB second address: 12C20FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C20FF second address: 12C2109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007EFFACBF2F86h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C227D second address: 12C2290 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C2C1F second address: 12C2C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C2C28 second address: 12C2C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C2C2E second address: 12C2C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C70D4 second address: 12C7129 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a ja 00007EFFAC79DCCCh 0x00000010 push 00000004h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007EFFAC79DCC8h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c xor dword ptr [ebp+1244A89Eh], esi 0x00000032 call 00007EFFAC79DCC9h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a pushad 0x0000003b popad 0x0000003c pushad 0x0000003d popad 0x0000003e popad 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C7129 second address: 12C7133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007EFFACBF2F86h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C7133 second address: 12C7137 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C7137 second address: 12C7170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007EFFACBF2F8Eh 0x0000000f jmp 00007EFFACBF2F97h 0x00000014 popad 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C7170 second address: 12C7174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C7174 second address: 12C7178 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 12C884C second address: 12C8869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007EFFAC79DCD7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B0329 second address: 52B0355 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFACBF2F8Ch 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B0355 second address: 52B03B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007EFFAC79DCD1h 0x00000008 pop esi 0x00000009 push ebx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f jmp 00007EFFAC79DCD3h 0x00000014 mov ebp, esp 0x00000016 jmp 00007EFFAC79DCD6h 0x0000001b mov edx, dword ptr [ebp+0Ch] 0x0000001e jmp 00007EFFAC79DCD0h 0x00000023 mov ecx, dword ptr [ebp+08h] 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B03D0 second address: 52B03D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B03D6 second address: 52B03EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B03EF second address: 52B03F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B03F3 second address: 52B03F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E03B6 second address: 52E041E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, bh 0x00000005 mov di, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007EFFACBF2F8Dh 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 mov dx, cx 0x00000016 call 00007EFFACBF2F98h 0x0000001b pushad 0x0000001c popad 0x0000001d pop esi 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 jmp 00007EFFACBF2F97h 0x00000026 xchg eax, ecx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007EFFACBF2F90h 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E041E second address: 52E0424 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0424 second address: 52E0454 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F8Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov di, 20C4h 0x0000000f mov eax, ebx 0x00000011 popad 0x00000012 xchg eax, ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007EFFACBF2F92h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0454 second address: 52E0508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b jmp 00007EFFAC79DCD4h 0x00000010 mov bh, ch 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007EFFAC79DCD8h 0x0000001c add ecx, 794A3A38h 0x00000022 jmp 00007EFFAC79DCCBh 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007EFFAC79DCD8h 0x0000002e sub esi, 2D2F3498h 0x00000034 jmp 00007EFFAC79DCCBh 0x00000039 popfd 0x0000003a popad 0x0000003b pushfd 0x0000003c jmp 00007EFFAC79DCD8h 0x00000041 sbb cx, DEF8h 0x00000046 jmp 00007EFFAC79DCCBh 0x0000004b popfd 0x0000004c popad 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0508 second address: 52E050C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E050C second address: 52E0527 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0527 second address: 52E052D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E052D second address: 52E056C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-04h] 0x0000000b jmp 00007EFFAC79DCD7h 0x00000010 nop 0x00000011 jmp 00007EFFAC79DCD6h 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E056C second address: 52E0572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0572 second address: 52E0577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0577 second address: 52E05D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov bl, ah 0x0000000d pushfd 0x0000000e jmp 00007EFFACBF2F99h 0x00000013 sub al, 00000016h 0x00000016 jmp 00007EFFACBF2F91h 0x0000001b popfd 0x0000001c popad 0x0000001d push dword ptr [ebp+08h] 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E05D1 second address: 52E05D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E05D5 second address: 52E05DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0628 second address: 52E0677 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007EFFAC79DCD8h 0x00000008 adc ax, C928h 0x0000000d jmp 00007EFFAC79DCCBh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 cmp dword ptr [ebp-04h], 00000000h 0x0000001a pushad 0x0000001b mov ebx, esi 0x0000001d jmp 00007EFFAC79DCD0h 0x00000022 popad 0x00000023 mov esi, eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0677 second address: 52E067B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E067B second address: 52E0681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0052 second address: 52D0056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0056 second address: 52D005A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D005A second address: 52D0060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0060 second address: 52D008B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov edi, 3E65832Ah 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push FFFFFFFEh 0x0000000f jmp 00007EFFAC79DCD1h 0x00000014 push 307C7249h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D008B second address: 52D008F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D008F second address: 52D0093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0093 second address: 52D0099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0099 second address: 52D0100 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007EFFAC79DCD1h 0x00000009 xor cx, C406h 0x0000000e jmp 00007EFFAC79DCD1h 0x00000013 popfd 0x00000014 mov esi, 2442A3B7h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xor dword ptr [esp], 45D6EC01h 0x00000023 jmp 00007EFFAC79DCCAh 0x00000028 call 00007EFFAC79DCC9h 0x0000002d jmp 00007EFFAC79DCD0h 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push ecx 0x00000037 pop ebx 0x00000038 pushad 0x00000039 popad 0x0000003a popad 0x0000003b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0100 second address: 52D0154 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007EFFACBF2F95h 0x00000008 pop ecx 0x00000009 pushfd 0x0000000a jmp 00007EFFACBF2F91h 0x0000000f jmp 00007EFFACBF2F8Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007EFFACBF2F94h 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0154 second address: 52D015A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D015A second address: 52D0175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFACBF2F8Fh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0175 second address: 52D019F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov dx, cx 0x00000013 mov dh, al 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D019F second address: 52D021C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 1D5Dh 0x00000007 pushfd 0x00000008 jmp 00007EFFACBF2F8Ah 0x0000000d and eax, 54C739B8h 0x00000013 jmp 00007EFFACBF2F8Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pop eax 0x0000001d pushad 0x0000001e mov si, 7A0Bh 0x00000022 mov dx, si 0x00000025 popad 0x00000026 mov eax, dword ptr fs:[00000000h] 0x0000002c pushad 0x0000002d jmp 00007EFFACBF2F98h 0x00000032 pushfd 0x00000033 jmp 00007EFFACBF2F92h 0x00000038 sbb esi, 74A95E78h 0x0000003e jmp 00007EFFACBF2F8Bh 0x00000043 popfd 0x00000044 popad 0x00000045 nop 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D021C second address: 52D0222 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0222 second address: 52D0228 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0228 second address: 52D022C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D022C second address: 52D0230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0230 second address: 52D0253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov di, 4A84h 0x0000000e jmp 00007EFFAC79DCCDh 0x00000013 popad 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0253 second address: 52D0257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0257 second address: 52D026A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D026A second address: 52D0282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFACBF2F94h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0282 second address: 52D02BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub esp, 18h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007EFFAC79DCCBh 0x00000017 jmp 00007EFFAC79DCD3h 0x0000001c popfd 0x0000001d mov ax, 492Fh 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D02BE second address: 52D03EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F95h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c movzx esi, di 0x0000000f pushfd 0x00000010 jmp 00007EFFACBF2F8Fh 0x00000015 add ecx, 0978291Eh 0x0000001b jmp 00007EFFACBF2F99h 0x00000020 popfd 0x00000021 popad 0x00000022 pushfd 0x00000023 jmp 00007EFFACBF2F90h 0x00000028 jmp 00007EFFACBF2F95h 0x0000002d popfd 0x0000002e popad 0x0000002f push eax 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007EFFACBF2F97h 0x00000037 sbb cl, FFFFFF8Eh 0x0000003a jmp 00007EFFACBF2F99h 0x0000003f popfd 0x00000040 mov bl, ah 0x00000042 popad 0x00000043 xchg eax, ebx 0x00000044 jmp 00007EFFACBF2F93h 0x00000049 xchg eax, esi 0x0000004a pushad 0x0000004b pushfd 0x0000004c jmp 00007EFFACBF2F94h 0x00000051 adc ch, 00000068h 0x00000054 jmp 00007EFFACBF2F8Bh 0x00000059 popfd 0x0000005a pushfd 0x0000005b jmp 00007EFFACBF2F98h 0x00000060 sub ax, 0FC8h 0x00000065 jmp 00007EFFACBF2F8Bh 0x0000006a popfd 0x0000006b popad 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007EFFACBF2F94h 0x00000074 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D03EC second address: 52D03FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFAC79DCCEh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D03FE second address: 52D0402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0402 second address: 52D04C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a jmp 00007EFFAC79DCCDh 0x0000000f call 00007EFFAC79DCD0h 0x00000014 call 00007EFFAC79DCD2h 0x00000019 pop eax 0x0000001a pop edi 0x0000001b popad 0x0000001c xchg eax, edi 0x0000001d pushad 0x0000001e movzx ecx, bx 0x00000021 mov ecx, edi 0x00000023 popad 0x00000024 push eax 0x00000025 pushad 0x00000026 mov edi, esi 0x00000028 mov eax, 6592AD73h 0x0000002d popad 0x0000002e xchg eax, edi 0x0000002f jmp 00007EFFAC79DCD6h 0x00000034 mov eax, dword ptr [75AB4538h] 0x00000039 jmp 00007EFFAC79DCD0h 0x0000003e xor dword ptr [ebp-08h], eax 0x00000041 pushad 0x00000042 pushad 0x00000043 pushad 0x00000044 popad 0x00000045 call 00007EFFAC79DCCAh 0x0000004a pop esi 0x0000004b popad 0x0000004c pushfd 0x0000004d jmp 00007EFFAC79DCCBh 0x00000052 sbb cx, C8EEh 0x00000057 jmp 00007EFFAC79DCD9h 0x0000005c popfd 0x0000005d popad 0x0000005e xor eax, ebp 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 mov di, 564Eh 0x00000067 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D04C4 second address: 52D0576 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007EFFACBF2F8Fh 0x00000008 xor ah, FFFFFFFEh 0x0000000b jmp 00007EFFACBF2F99h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007EFFACBF2F8Eh 0x0000001a jmp 00007EFFACBF2F95h 0x0000001f popfd 0x00000020 call 00007EFFACBF2F90h 0x00000025 pop esi 0x00000026 popad 0x00000027 popad 0x00000028 push esi 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c call 00007EFFACBF2F93h 0x00000031 pop esi 0x00000032 pushfd 0x00000033 jmp 00007EFFACBF2F99h 0x00000038 and ch, FFFFFFA6h 0x0000003b jmp 00007EFFACBF2F91h 0x00000040 popfd 0x00000041 popad 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0576 second address: 52D0599 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ah, dh 0x00000011 mov eax, 213390DBh 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0599 second address: 52D059F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D059F second address: 52D0632 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea eax, dword ptr [ebp-10h] 0x0000000e pushad 0x0000000f mov bx, cx 0x00000012 movzx ecx, bx 0x00000015 popad 0x00000016 mov dword ptr fs:[00000000h], eax 0x0000001c jmp 00007EFFAC79DCD3h 0x00000021 mov dword ptr [ebp-18h], esp 0x00000024 jmp 00007EFFAC79DCD6h 0x00000029 mov eax, dword ptr fs:[00000018h] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov esi, ebx 0x00000034 pushfd 0x00000035 jmp 00007EFFAC79DCD9h 0x0000003a sub si, F586h 0x0000003f jmp 00007EFFAC79DCD1h 0x00000044 popfd 0x00000045 popad 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0632 second address: 52D0637 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D0637 second address: 52D06AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, 1710h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, dword ptr [eax+00000FDCh] 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007EFFAC79DCD5h 0x00000018 sbb eax, 75A09D96h 0x0000001e jmp 00007EFFAC79DCD1h 0x00000023 popfd 0x00000024 pushfd 0x00000025 jmp 00007EFFAC79DCD0h 0x0000002a jmp 00007EFFAC79DCD5h 0x0000002f popfd 0x00000030 popad 0x00000031 test ecx, ecx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 mov bx, 4F7Eh 0x0000003a mov bl, E5h 0x0000003c popad 0x0000003d rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D06AB second address: 52D06CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 push ebx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007EFFACBF2FC5h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007EFFACBF2F90h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D06CD second address: 52D06D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52D06D3 second address: 52D06D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C023F second address: 52C0250 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0250 second address: 52C026D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dh, ch 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ecx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C026D second address: 52C0282 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007EFFAC79DCCAh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0282 second address: 52C02D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 3B03h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a sub esp, 2Ch 0x0000000d pushad 0x0000000e mov ebx, ecx 0x00000010 movzx eax, di 0x00000013 popad 0x00000014 push ebp 0x00000015 jmp 00007EFFACBF2F98h 0x0000001a mov dword ptr [esp], ebx 0x0000001d pushad 0x0000001e push edx 0x0000001f mov bl, ah 0x00000021 pop ebx 0x00000022 popad 0x00000023 xchg eax, edi 0x00000024 jmp 00007EFFACBF2F90h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C02D0 second address: 52C02D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C02D4 second address: 52C02F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F98h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0427 second address: 52C042B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C047F second address: 52C049B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C049B second address: 52C049F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C049F second address: 52C04A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C04A3 second address: 52C04A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C04A9 second address: 52C04D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, E297h 0x00000007 push eax 0x00000008 pop edx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007EFFACBF2F99h 0x00000012 nop 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 mov esi, 6D1EB949h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0516 second address: 52C051C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C051C second address: 52C0520 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0520 second address: 52C053B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C053B second address: 52C0541 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0541 second address: 52C0575 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F001CF3BBFBh 0x0000000f pushad 0x00000010 movsx edi, cx 0x00000013 popad 0x00000014 js 00007EFFAC79DD16h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007EFFAC79DCCBh 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0575 second address: 52C0680 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp-14h], edi 0x0000000c pushad 0x0000000d mov ax, 1873h 0x00000011 mov eax, 2587C8CFh 0x00000016 popad 0x00000017 jne 00007F001D390E81h 0x0000001d jmp 00007EFFACBF2F92h 0x00000022 mov ebx, dword ptr [ebp+08h] 0x00000025 pushad 0x00000026 call 00007EFFACBF2F8Eh 0x0000002b pushad 0x0000002c popad 0x0000002d pop ecx 0x0000002e jmp 00007EFFACBF2F91h 0x00000033 popad 0x00000034 lea eax, dword ptr [ebp-2Ch] 0x00000037 pushad 0x00000038 jmp 00007EFFACBF2F8Ch 0x0000003d jmp 00007EFFACBF2F92h 0x00000042 popad 0x00000043 xchg eax, esi 0x00000044 pushad 0x00000045 mov si, 9C4Dh 0x00000049 pushad 0x0000004a jmp 00007EFFACBF2F98h 0x0000004f pushfd 0x00000050 jmp 00007EFFACBF2F92h 0x00000055 sub eax, 1FC7D1C8h 0x0000005b jmp 00007EFFACBF2F8Bh 0x00000060 popfd 0x00000061 popad 0x00000062 popad 0x00000063 push eax 0x00000064 jmp 00007EFFACBF2F99h 0x00000069 xchg eax, esi 0x0000006a jmp 00007EFFACBF2F8Eh 0x0000006f nop 0x00000070 push eax 0x00000071 push edx 0x00000072 push eax 0x00000073 push edx 0x00000074 jmp 00007EFFACBF2F8Ah 0x00000079 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0680 second address: 52C068F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C068F second address: 52C06BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007EFFACBF2F8Ch 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C06BB second address: 52C06CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFAC79DCCEh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0737 second address: 52C0765 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007EFFACBF2F91h 0x00000009 add ax, F1D6h 0x0000000e jmp 00007EFFACBF2F91h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0765 second address: 52C0777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov esi, eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movsx edi, si 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0777 second address: 52B0E23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edx, 074E2610h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d test esi, esi 0x0000000f jmp 00007EFFACBF2F8Fh 0x00000014 je 00007F001D390E46h 0x0000001a xor eax, eax 0x0000001c jmp 00007EFFACBCC6BAh 0x00000021 pop esi 0x00000022 pop edi 0x00000023 pop ebx 0x00000024 leave 0x00000025 retn 0004h 0x00000028 nop 0x00000029 cmp eax, 00000000h 0x0000002c setne cl 0x0000002f xor ebx, ebx 0x00000031 test cl, 00000001h 0x00000034 jne 00007EFFACBF2F87h 0x00000036 jmp 00007EFFACBF30FBh 0x0000003b call 00007EFFB0E9D03Fh 0x00000040 mov edi, edi 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 mov si, A925h 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B0E23 second address: 52B0E8C instructions: 0x00000000 rdtsc 0x00000002 movzx esi, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 jmp 00007EFFAC79DCCAh 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007EFFAC79DCCEh 0x00000018 adc si, 8D68h 0x0000001d jmp 00007EFFAC79DCCBh 0x00000022 popfd 0x00000023 pushad 0x00000024 mov esi, 082B1275h 0x00000029 push esi 0x0000002a pop edx 0x0000002b popad 0x0000002c popad 0x0000002d mov ebp, esp 0x0000002f jmp 00007EFFAC79DCCCh 0x00000034 xchg eax, ecx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007EFFAC79DCD7h 0x0000003c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B0E8C second address: 52B0ECB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFACBF2F99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007EFFACBF2F91h 0x0000000f xchg eax, ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007EFFACBF2F8Dh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52B0ECB second address: 52B0EF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-04h], 55534552h 0x00000010 pushad 0x00000011 mov esi, 4E6D6D83h 0x00000016 push eax 0x00000017 push edx 0x00000018 mov cl, 25h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0C3B second address: 52C0CA6 instructions: 0x00000000 rdtsc 0x00000002 call 00007EFFACBF2F95h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d mov bl, cl 0x0000000f pushfd 0x00000010 jmp 00007EFFACBF2F99h 0x00000015 or al, FFFFFFE6h 0x00000018 jmp 00007EFFACBF2F91h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 jmp 00007EFFACBF2F8Eh 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov dx, 1DA0h 0x0000002e mov ax, dx 0x00000031 popad 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0CA6 second address: 52C0CBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFAC79DCD1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0CBB second address: 52C0CE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [75AB459Ch], 05h 0x0000000f jmp 00007EFFACBF2F8Dh 0x00000014 je 00007F001D380CAEh 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0CE3 second address: 52C0CE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0CE9 second address: 52C0CF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, al 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0D27 second address: 52C0DBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 mov edi, ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 7FE5E10Dh 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007EFFAC79DCD1h 0x00000017 or cx, F776h 0x0000001c jmp 00007EFFAC79DCD1h 0x00000021 popfd 0x00000022 pushfd 0x00000023 jmp 00007EFFAC79DCD0h 0x00000028 jmp 00007EFFAC79DCD5h 0x0000002d popfd 0x0000002e popad 0x0000002f xor dword ptr [esp], 0A4F7D25h 0x00000036 jmp 00007EFFAC79DCCEh 0x0000003b call 00007F001CF32A9Ah 0x00000040 push 75A52B70h 0x00000045 push dword ptr fs:[00000000h] 0x0000004c mov eax, dword ptr [esp+10h] 0x00000050 mov dword ptr [esp+10h], ebp 0x00000054 lea ebp, dword ptr [esp+10h] 0x00000058 sub esp, eax 0x0000005a push ebx 0x0000005b push esi 0x0000005c push edi 0x0000005d mov eax, dword ptr [75AB4538h] 0x00000062 xor dword ptr [ebp-04h], eax 0x00000065 xor eax, ebp 0x00000067 push eax 0x00000068 mov dword ptr [ebp-18h], esp 0x0000006b push dword ptr [ebp-08h] 0x0000006e mov eax, dword ptr [ebp-04h] 0x00000071 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000078 mov dword ptr [ebp-08h], eax 0x0000007b lea eax, dword ptr [ebp-10h] 0x0000007e mov dword ptr fs:[00000000h], eax 0x00000084 ret 0x00000085 push eax 0x00000086 push edx 0x00000087 jmp 00007EFFAC79DCD7h 0x0000008c rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0DBC second address: 52C0DD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFFACBF2F94h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0E59 second address: 52C0E7B instructions: 0x00000000 rdtsc 0x00000002 mov bx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 je 00007F001CF217EAh 0x0000000e pushad 0x0000000f jmp 00007EFFAC79DCD0h 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0E7B second address: 52C0EA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 cmp dword ptr [ebp+08h], 00002000h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007EFFACBF2F99h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0EA3 second address: 52C0EA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52C0EA9 second address: 52C0EAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E074E second address: 52E0818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov si, E3D3h 0x0000000f pushfd 0x00000010 jmp 00007EFFAC79DCD8h 0x00000015 sbb cx, 5F58h 0x0000001a jmp 00007EFFAC79DCCBh 0x0000001f popfd 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007EFFAC79DCD4h 0x0000002a sub ax, 69B8h 0x0000002f jmp 00007EFFAC79DCCBh 0x00000034 popfd 0x00000035 mov ax, DDEFh 0x00000039 popad 0x0000003a xchg eax, esi 0x0000003b pushad 0x0000003c mov ah, 9Bh 0x0000003e pushfd 0x0000003f jmp 00007EFFAC79DCCDh 0x00000044 add ax, 5456h 0x00000049 jmp 00007EFFAC79DCD1h 0x0000004e popfd 0x0000004f popad 0x00000050 push eax 0x00000051 jmp 00007EFFAC79DCD1h 0x00000056 xchg eax, esi 0x00000057 jmp 00007EFFAC79DCCEh 0x0000005c mov esi, dword ptr [ebp+0Ch] 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 movsx ebx, si 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0818 second address: 52E081D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0953 second address: 52E0974 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFFAC79DCCAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007EFFAC79DCCDh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E0974 second address: 52E097A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe |
RDTSC instruction interceptor: First address: 52E09E1 second address: 52E09E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, ecx 0x00000006 popad 0x00000007 rdtsc |