Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/go.exe |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1971742701.0000000001531000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/go.exe) |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/go.exeLitecoinH8 |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/go.exeamadka. |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/go.exenfinitecoin |
String found in binary or memory: http://193.233.132.167/cost/go.exeunt.live.com |
Source: jUlAlD6KHz.exe, 00000000.00000003.1893037786.0000000001543000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1971742701.0000000001531000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/lenin.exe |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/lenin.exeP |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/lenin.exeS |
String found in binary or memory: http://193.233.132.167/cost/lenin.exeger |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/lenin.exenal |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/lenin.exeorynet |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/cost/lenin.exe~ |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exe |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exe) |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exe.ll |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exeUser |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1971742701.0000000001531000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exei |
Source: jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exeka.exeomr |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exem |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.167/mine/amert.exet |
Source: jUlAlD6KHz.exe, 00000000.00000003.1893037786.0000000001543000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1971742701.0000000001531000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.216:57893/hera/amadka.exe |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.216:57893/hera/amadka.exe43 |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.216:57893/hera/amadka.exe43A |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.216:57893/hera/amadka.exeP-B; |
String found in binary or memory: http://193.233.132.216:57893/hera/amadka.exeom |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.216:57893/hera/amadka.exeomW |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.216:57893/hera/amadka.exeta |
Source: Amcache.hve.34.dr |
String found in binary or memory: http://upx.sf.net |
Source: jUlAlD6KHz.exe, 00000000.00000002.2132216693.0000000000951000.00000040.00000001.01000000.00000003.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1237843227.0000000005220000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.1296249635.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2202957067.0000000000441000.00000040.00000001.01000000.00000006.sdmp, MPGPH131.exe, 00000011.00000003.1296332877.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2179282109.0000000000441000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000014.00000003.1376086119.0000000005230000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2132330803.0000000000D41000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000018.00000002.2148843671.0000000000D41000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000018.00000003.1453811309.0000000004E60000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.winimage.com/zLibDll |
Source: jUlAlD6KHz.exe, 00000000.00000003.1990058251.00000000063BC000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1985260356.0000000006394000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1987625357.00000000063A4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2104973520.0000000005D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2098138227.0000000005D54000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2100446983.0000000005D65000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2085083134.0000000005DF1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2078315712.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2080013985.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1956274175.0000000006253000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1957384922.0000000006263000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1960091944.0000000006272000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1959042330.0000000005D4D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1960405646.0000000005D5D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1965167827.0000000005D6C000.00000004.00000020.00020000.00000000.sdmp, hgVGsEfQ9x09Web Data.20.dr, L38Flzesp71fWeb Data.24.dr, qpr6XN5mg9uLWeb Data.0.dr, MusJyEihJF98Web Data.17.dr, VxKjJB6X6MXdWeb Data.16.dr, X2n6swCXJ031Web Data.0.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1971742701.0000000001531000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/ |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/F |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=102.165.48.43 |
String found in binary or memory: https://db-ip.com/demo/home.php?s=102.165.48.437 |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=102.165.48.43S |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E7B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016B0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=102.165.48.43 |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=102.165.48.43P |
Source: MPGPH131.exe, 00000011.00000002.2182717521.000000000108A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=102.165.48.43Q |
Source: jUlAlD6KHz.exe, 00000000.00000003.1990058251.00000000063BC000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1985260356.0000000006394000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1987625357.00000000063A4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2104973520.0000000005D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2098138227.0000000005D54000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2100446983.0000000005D65000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2085083134.0000000005DF1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2078315712.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2080013985.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1956274175.0000000006253000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1957384922.0000000006263000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1960091944.0000000006272000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1959042330.0000000005D4D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1960405646.0000000005D5D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1965167827.0000000005D6C000.00000004.00000020.00020000.00000000.sdmp, hgVGsEfQ9x09Web Data.20.dr, L38Flzesp71fWeb Data.24.dr, qpr6XN5mg9uLWeb Data.0.dr, MusJyEihJF98Web Data.17.dr, VxKjJB6X6MXdWeb Data.16.dr, X2n6swCXJ031Web Data.0.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/ |
Source: RageMP131.exe, 00000014.00000002.2137292986.000000000165E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/- |
Source: MPGPH131.exe, 00000011.00000002.2182717521.000000000108A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/C: |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E7B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2182717521.00000000010E3000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: jUlAlD6KHz.exe, 00000000.00000002.2132216693.0000000000951000.00000040.00000001.01000000.00000003.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1237843227.0000000005220000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.1296249635.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2202957067.0000000000441000.00000040.00000001.01000000.00000006.sdmp, MPGPH131.exe, 00000011.00000003.1296332877.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2179282109.0000000000441000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000014.00000003.1376086119.0000000005230000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2132330803.0000000000D41000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000018.00000002.2148843671.0000000000D41000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000018.00000003.1453811309.0000000004E60000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E1A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/l |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E7B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2182717521.00000000010E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2182717521.000000000108A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.000000000165E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.00000000009E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43 |
Source: RageMP131.exe, 00000014.00000002.2137292986.000000000165E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43B |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43G |
Source: RageMP131.exe, 00000018.00000002.2146898769.00000000009E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43N |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43b |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43g |
Source: MPGPH131.exe, 00000011.00000002.2182717521.000000000108A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43r |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E7B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2182717521.000000000108A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/102.165.48.43 |
Source: 3b6N2Xdh3CYwplaces.sqlite.20.dr |
String found in binary or memory: https://support.mozilla.org |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK |
Source: RageMP131.exe, 00000014.00000002.2137292986.0000000001713000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.k |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.0000000001543000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000002.2136263704.000000000148E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E1D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2157408474.0000000001145000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183337078.0000000001145000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2182717521.000000000108A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.000000000165E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2150286222.0000000006210000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2150286222.0000000006246000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2155476690.0000000005D3F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.00000000009BB000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, ZC9N6dBzS5ZEt9m1PmZDOPh.zip.0.dr, VKmo9cHGC7A78S8pIPnaIQM.zip.20.dr, q54ck9WjU916t0raHCeE5cn.zip.24.dr, lj9CfpGnnFdMRw3dXDPtKQ6.zip.17.dr, onJm2E6cdj2U7BbKnzc2Vlq.zip.16.dr |
String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTDEFAULT |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTII$= |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.0000000001543000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTM |
Source: RageMP131.exe, 00000018.00000002.2155476690.0000000005D3F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTQQT |
Source: MPGPH131.exe, 00000011.00000003.2157408474.0000000001145000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183337078.0000000001145000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTQd |
Source: RageMP131.exe, 00000014.00000002.2137292986.000000000165E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTUR |
Source: MPGPH131.exe, 00000011.00000003.2157408474.0000000001145000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183337078.0000000001145000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTW |
Source: MPGPH131.exe, 00000011.00000002.2182717521.000000000108A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTu |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1983956022.0000000005D64000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.16.dr, passwords.txt.24.dr, passwords.txt.20.dr, passwords.txt.0.dr, passwords.txt.17.dr |
String found in binary or memory: https://t.me/risepro_bot |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1971742701.0000000001531000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botM |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botSS |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botSS$ |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botW |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botcu |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1971742701.0000000001531000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botlater |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botp |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botrisepro |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botu |
Source: jUlAlD6KHz.exe, 00000000.00000003.1990058251.00000000063BC000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1985260356.0000000006394000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1987625357.00000000063A4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2104973520.0000000005D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2098138227.0000000005D54000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2100446983.0000000005D65000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2085083134.0000000005DF1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2078315712.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2080013985.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1956274175.0000000006253000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1957384922.0000000006263000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1960091944.0000000006272000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1959042330.0000000005D4D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1960405646.0000000005D5D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1965167827.0000000005D6C000.00000004.00000020.00020000.00000000.sdmp, hgVGsEfQ9x09Web Data.20.dr, L38Flzesp71fWeb Data.24.dr, qpr6XN5mg9uLWeb Data.0.dr, MusJyEihJF98Web Data.17.dr, VxKjJB6X6MXdWeb Data.16.dr, X2n6swCXJ031Web Data.0.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: jUlAlD6KHz.exe, 00000000.00000003.1990058251.00000000063BC000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1985260356.0000000006394000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1987625357.00000000063A4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2104973520.0000000005D77000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2098138227.0000000005D54000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000003.2100446983.0000000005D65000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2085083134.0000000005DF1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2078315712.0000000005DD1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2080013985.0000000005DF0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1956274175.0000000006253000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1957384922.0000000006263000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000003.1960091944.0000000006272000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1959042330.0000000005D4D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1960405646.0000000005D5D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000003.1965167827.0000000005D6C000.00000004.00000020.00020000.00000000.sdmp, hgVGsEfQ9x09Web Data.20.dr, L38Flzesp71fWeb Data.24.dr, qpr6XN5mg9uLWeb Data.0.dr, MusJyEihJF98Web Data.17.dr, VxKjJB6X6MXdWeb Data.16.dr, X2n6swCXJ031Web Data.0.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: MPGPH131.exe |
String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address |
Source: 3b6N2Xdh3CYwplaces.sqlite.20.dr |
String found in binary or memory: https://www.mozilla.org |
Source: 3b6N2Xdh3CYwplaces.sqlite.20.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP |
Source: 3b6N2Xdh3CYwplaces.sqlite.20.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW |
Source: MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.000000000171E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/e |
Source: jUlAlD6KHz.exe, 00000000.00000002.2150254606.000000000637A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2213933698.0000000005D18000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2105158973.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2093199607.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2108279592.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2102399685.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2085863050.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2075517497.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2078706949.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2100110148.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2077653413.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2082166036.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2116269238.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2096960773.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2084306097.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2091902515.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2097904662.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2079582915.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2080356523.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 
00000011.00000003.2088494243.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2194557706.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/w |
Source: 3b6N2Xdh3CYwplaces.sqlite.20.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.000000000171E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: RageMP131.exe, 00000014.00000002.2137292986.000000000171E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ence |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/et |
Source: jUlAlD6KHz.exe, 00000000.00000002.2150254606.000000000637A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2213933698.0000000005D18000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2105158973.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2093199607.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2108279592.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2102399685.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2085863050.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2075517497.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2078706949.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2100110148.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2077653413.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2082166036.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2116269238.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2096960773.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2084306097.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2091902515.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2097904662.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2079582915.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000003.2080356523.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 
00000011.00000003.2088494243.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2194557706.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: MPGPH131.exe, 00000011.00000003.2157650721.0000000001130000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2183297107.0000000001134000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/inin |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/inl |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/r |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/tes_1 |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: gpedit.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: activeds.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: dssec.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: dsuiext.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: framedynos.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: adsldpc.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: dsrole.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: logoncli.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: ntdsapi.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: authz.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: apphelp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winmm.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpedit.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: activeds.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dssec.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dsuiext.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: framedynos.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: adsldpc.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: authz.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dsrole.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: logoncli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mpr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: netutils.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntdsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winmm.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpedit.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: activeds.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dssec.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dsuiext.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: framedynos.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: adsldpc.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: authz.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dsrole.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: logoncli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mpr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: netutils.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntdsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpedit.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: activeds.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dssec.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dsuiext.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: framedynos.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: adsldpc.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: authz.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dsrole.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: logoncli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntdsapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: vaultcli.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C44BFF second address: C44C11 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FE4194FB1B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007FE4194FB1B6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C47FBB second address: C47FD0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FE418E1146Bh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C47FD0 second address: C47FDD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C47FDD second address: C47FFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418E11472h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FE418E1146Bh 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C47FFE second address: C48004 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C48004 second address: C48008 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C3FD88 second address: C3FD8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C41CB3 second address: C41D33 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FE418E11466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FE418E11472h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov ebx, dword ptr [ebp+122D2A5Ah] 0x00000020 call 00007FE418E11479h 0x00000025 jmp 00007FE418E1146Dh 0x0000002a pop ebx 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 mov di, B3ACh 0x00000036 mov eax, dword ptr [ebp+122D1235h] 0x0000003c push edi 0x0000003d stc 0x0000003e pop ebx 0x0000003f push FFFFFFFFh 0x00000041 push ecx 0x00000042 jp 00007FE418E11466h 0x00000048 pop edi 0x00000049 mov bx, 072Bh 0x0000004d nop 0x0000004e je 00007FE418E11474h 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C41D33 second address: C41D39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4861F second address: C48645 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007FE418E11466h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FE418E11474h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C48645 second address: C48649 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C42D12 second address: C42D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4973F second address: C49745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C49745 second address: C4974A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4974A second address: C49772 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FE4194FB1BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE4194FB1C5h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C460CF second address: C460D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4A78F second address: C4A79A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FE4194FB1B6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C48827 second address: C48848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE418E11479h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4A8F7 second address: C4A8FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4B89C second address: C4B8AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE418E1146Eh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4D6F0 second address: C4D708 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE4194FB1C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4D708 second address: C4D712 instructions: 0x00000000 rdtsc 0x00000002 je 00007FE418E1146Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4D712 second address: C4D723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007FE4194FB1B6h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4D723 second address: C4D727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4D727 second address: C4D72D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C4D72D second address: C4D738 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FE418E11466h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEC0B1 second address: BEC0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEC0B7 second address: BEC0BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C532B1 second address: C53318 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FE4194FB1BAh 0x00000008 jl 00007FE4194FB1B6h 0x0000000e pop ebx 0x0000000f jl 00007FE4194FB1D4h 0x00000015 jmp 00007FE4194FB1C8h 0x0000001a jnc 00007FE4194FB1B6h 0x00000020 pop edx 0x00000021 pop eax 0x00000022 jc 00007FE4194FB1E7h 0x00000028 jmp 00007FE4194FB1C2h 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 jmp 00007FE4194FB1C1h 0x00000036 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C53318 second address: C5331C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C53464 second address: C53490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE4194FB1C6h 0x00000009 popad 0x0000000a jmp 00007FE4194FB1C1h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEDA45 second address: BEDA49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEDA49 second address: BEDA66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE4194FB1C0h 0x00000007 jbe 00007FE4194FB1B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEDA66 second address: BEDA6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A5CD second address: C5A5D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A5D1 second address: C5A5D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A6E0 second address: C5A6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A6E4 second address: C5A71B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418E11471h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 jmp 00007FE418E11479h 0x00000016 pop ecx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A825 second address: C5A83F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE4194FB1BCh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A83F second address: C5A843 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A843 second address: C5A858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b je 00007FE4194FB1C8h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A858 second address: C5A85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A85C second address: C5A86E instructions: 0x00000000 rdtsc 0x00000002 jo 00007FE4194FB1B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A86E second address: C5A872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A872 second address: C5A878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A878 second address: C5A88E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE418E11472h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5A88E second address: C5A892 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F7C1 second address: C5F7C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F7C5 second address: C5F7CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F7CB second address: C5F82F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FE418E11468h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FE418E1146Eh 0x00000013 popad 0x00000014 pushad 0x00000015 jns 00007FE418E1147Ch 0x0000001b pushad 0x0000001c jmp 00007FE418E11476h 0x00000021 jmp 00007FE418E11471h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F82F second address: C5F83B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5EB16 second address: C5EB5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418E1146Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007FE418E1147Eh 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007FE418E11476h 0x00000016 jmp 00007FE418E1146Ah 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jo 00007FE418E11468h 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5EB5B second address: C5EB77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE4194FB1C8h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5ECAA second address: C5ECAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5ECAE second address: C5ECB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5EF4E second address: C5EF58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FE418E11466h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F4DD second address: C5F4F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 jg 00007FE4194FB1B6h 0x0000000e jg 00007FE4194FB1B6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F4F3 second address: C5F4FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F4FA second address: C5F500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F500 second address: C5F504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C5F504 second address: C5F508 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BF953A second address: BF953E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6509F second address: C650AF instructions: 0x00000000 rdtsc 0x00000002 jno 00007FE4194FB1B6h 0x00000008 jp 00007FE4194FB1B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C64C21 second address: C64C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007FE418E11466h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C64C33 second address: C64C57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FE4194FB1B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE4194FB1C5h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C64C57 second address: C64C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C64C5B second address: C64C82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE4194FB1C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a js 00007FE4194FB1EAh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C64C82 second address: C64C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C64C86 second address: C64C90 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FE4194FB1B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C658E5 second address: C658E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C658E9 second address: C65903 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FE4194FB1C1h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65903 second address: C6590F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FE418E11466h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6590F second address: C65914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65914 second address: C65920 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FE418E11466h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65A41 second address: C65A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65A49 second address: C65A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jne 00007FE418E11466h 0x0000000c pop edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65A56 second address: C65A5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65BE9 second address: C65BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65BED second address: C65C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FE4194FB1C7h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65C0C second address: C65C10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C65C10 second address: C65C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6D397 second address: C6D39B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6C2A2 second address: C6C2B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE4194FB1C1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6C835 second address: C6C839 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6C9A2 second address: C6CA0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FE4194FB1B6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007FE4194FB1C1h 0x00000010 jmp 00007FE4194FB1C0h 0x00000015 popad 0x00000016 jmp 00007FE4194FB1C0h 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 jo 00007FE4194FB1B6h 0x00000028 popad 0x00000029 pushad 0x0000002a jmp 00007FE4194FB1C5h 0x0000002f jbe 00007FE4194FB1B6h 0x00000035 push eax 0x00000036 pop eax 0x00000037 popad 0x00000038 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6CCD9 second address: C6CD26 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jng 00007FE418E11466h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007FE418E1147Fh 0x00000012 jmp 00007FE418E11477h 0x00000017 pushad 0x00000018 popad 0x00000019 js 00007FE418E11488h 0x0000001f js 00007FE418E11468h 0x00000025 pushad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FE418E1146Ch 0x0000002e jp 00007FE418E11466h 0x00000034 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6BBB6 second address: C6BBBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C6BBBC second address: C6BBC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C70B79 second address: C70B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C70B7D second address: C70B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C70B83 second address: C70B94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE4194FB1BCh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C70B94 second address: C70BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: C75578 second address: C7557E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CDD999 second address: CDD99D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CDD99D second address: CDD9A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEF5A8 second address: BEF5DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596858h 0x00000007 jmp 00007FE419596851h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEF5DA second address: BEF5E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEF5E3 second address: BEF5E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEF5E9 second address: BEF5F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: BEF5F1 second address: BEF5F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CE1395 second address: CE1399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CE4CCC second address: CE4CFC instructions: 0x00000000 rdtsc 0x00000002 jc 00007FE41959685Fh 0x00000008 jmp 00007FE419596859h 0x0000000d pushad 0x0000000e jp 00007FE419596846h 0x00000014 jl 00007FE419596846h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CE4CFC second address: CE4D02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CEF122 second address: CEF126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CEF126 second address: CEF12A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CF1CC5 second address: CF1CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CF1CCE second address: CF1D02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FE418722675h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FE41872266Ch 0x00000016 jc 00007FE418722668h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CF8CB8 second address: CF8CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE41959684Ah 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CF8CC6 second address: CF8CD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CF8CD1 second address: CF8CF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE41959684Ah 0x00000009 popad 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FE41959684Eh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CF8CF1 second address: CF8CF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: CF8B60 second address: CF8B7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FE419596852h 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D0A098 second address: D0A0A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D0A0A3 second address: D0A0A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D0A0A9 second address: D0A0AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D0A0AD second address: D0A0C0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FE419596846h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop esi 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D0A0C0 second address: D0A0CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D0A0CB second address: D0A0CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D0C1A7 second address: D0C1AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E338 second address: D2E33E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E33E second address: D2E342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E342 second address: D2E346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E346 second address: D2E375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FE418722670h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FE418722677h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E375 second address: D2E3AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596854h 0x00000007 jmp 00007FE419596853h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jbe 00007FE419596846h 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E3AE second address: D2E3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E6A5 second address: D2E6AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E6AA second address: D2E6B5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007FE418722666h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E813 second address: D2E839 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596855h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE41959684Ah 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2E97C second address: D2E99F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 jmp 00007FE418722670h 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 jnp 00007FE418722666h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2EC8B second address: D2ECA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FE419596850h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2F08E second address: D2F094 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2F094 second address: D2F0AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE419596850h 0x00000009 jnp 00007FE419596846h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2F23A second address: D2F244 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FE418722666h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2F244 second address: D2F274 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FE41959685Ch 0x00000008 jmp 00007FE419596854h 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FE41959684Bh 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2F274 second address: D2F278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2F278 second address: D2F27E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D2F27E second address: D2F29E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FE418722672h 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007FE418722666h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D30C7B second address: D30C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 jnp 00007FE419596846h 0x0000000c pop edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D30C88 second address: D30C8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D30C8D second address: D30C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D338B6 second address: D338BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D338BC second address: D338C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D355EC second address: D355F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D355F2 second address: D355F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D355F8 second address: D355FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D35182 second address: D3518B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D3518B second address: D3518F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: D3518F second address: D35198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54106E2 second address: 54106E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54106E8 second address: 541079E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596857h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FE419596856h 0x00000011 push eax 0x00000012 jmp 00007FE41959684Bh 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 mov dl, ah 0x0000001b mov ax, bx 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 pushad 0x00000022 call 00007FE419596859h 0x00000027 pushfd 0x00000028 jmp 00007FE419596850h 0x0000002d add ax, B148h 0x00000032 jmp 00007FE41959684Bh 0x00000037 popfd 0x00000038 pop ecx 0x00000039 call 00007FE419596859h 0x0000003e mov ah, 4Dh 0x00000040 pop edi 0x00000041 popad 0x00000042 pop ebp 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007FE41959684Fh 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0F59 second address: 53D0F5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0F5E second address: 53D0F64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0F64 second address: 53D0F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FE418722670h 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FE418722677h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54506DA second address: 5450747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 movzx esi, bx 0x00000008 popad 0x00000009 push eax 0x0000000a jmp 00007FE419596856h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007FE419596850h 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FE41959684Dh 0x00000020 sub esi, 39C2C0B6h 0x00000026 jmp 00007FE419596851h 0x0000002b popfd 0x0000002c jmp 00007FE419596850h 0x00000031 popad 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450747 second address: 5450769 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 7D84h 0x00000007 mov si, dx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FE418722672h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0CC1 second address: 53D0CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, esi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0CC8 second address: 53D0D45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, AD36h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FE418722676h 0x00000012 add ecx, 376BB458h 0x00000018 jmp 00007FE41872266Bh 0x0000001d popfd 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007FE418722674h 0x00000025 xchg eax, ebp 0x00000026 pushad 0x00000027 mov bx, ax 0x0000002a mov si, A4C9h 0x0000002e popad 0x0000002f mov ebp, esp 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 pushfd 0x00000035 jmp 00007FE418722670h 0x0000003a add esi, 0D997918h 0x00000040 jmp 00007FE41872266Bh 0x00000045 popfd 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0DC2 second address: 53D0DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0DC7 second address: 53D0DCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53D0DCD second address: 53D0DD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 545049C second address: 54504C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418722672h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c movzx ecx, bx 0x0000000f mov bh, DAh 0x00000011 popad 0x00000012 pop ebp 0x00000013 pushad 0x00000014 mov cx, 18A7h 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b pop ebx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5420B90 second address: 5420B9B instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 mov ebx, esi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450E80 second address: 5450E84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450E84 second address: 5450E8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450E8A second address: 5450EAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41872266Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE41872266Eh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450EAD second address: 5450EB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450EB3 second address: 5450ED6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41872266Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE41872266Dh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450ED6 second address: 5450F15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596851h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FE41959684Eh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FE419596857h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450F15 second address: 5450F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450F1B second address: 5450F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53E069D second address: 53E06C7 instructions: 0x00000000 rdtsc 0x00000002 call 00007FE418722674h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FE41872266Dh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53E06C7 second address: 53E0704 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE419596857h 0x00000009 and eax, 55C2E87Eh 0x0000000f jmp 00007FE419596859h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53E0704 second address: 53E0714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53E0714 second address: 53E0718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53E0718 second address: 53E071E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 53E071E second address: 53E076C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE41959684Eh 0x00000009 sub eax, 29FD32A8h 0x0000000f jmp 00007FE41959684Bh 0x00000014 popfd 0x00000015 mov ecx, 7451B59Fh 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 mov si, B997h 0x00000024 mov edx, ecx 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FE419596855h 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54504EB second address: 5450508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418722679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450508 second address: 545050E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 545050E second address: 5450512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450512 second address: 5450528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE41959684Bh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450528 second address: 5450561 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418722679h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FE418722673h 0x00000014 mov bh, cl 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450561 second address: 545056A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 7117h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 545056A second address: 5450584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FE41872266Fh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450BF9 second address: 5450C59 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FE419596852h 0x00000008 adc ax, E4A8h 0x0000000d jmp 00007FE41959684Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 push eax 0x00000017 jmp 00007FE419596859h 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FE419596858h 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450C59 second address: 5450C68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41872266Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450C68 second address: 5450CA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, BEh 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FE419596859h 0x00000015 jmp 00007FE41959684Bh 0x0000001a popfd 0x0000001b mov dl, al 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450CA0 second address: 5450D0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418722672h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c jmp 00007FE418722670h 0x00000011 and dword ptr [eax], 00000000h 0x00000014 jmp 00007FE418722670h 0x00000019 and dword ptr [eax+04h], 00000000h 0x0000001d jmp 00007FE418722670h 0x00000022 pop ebp 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov dl, 27h 0x00000028 call 00007FE418722676h 0x0000002d pop ecx 0x0000002e popad 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450D0E second address: 5450D14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450D14 second address: 5450D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5420AA1 second address: 5420B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE41959684Fh 0x00000009 jmp 00007FE419596853h 0x0000000e popfd 0x0000000f mov edi, eax 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 xchg eax, ebp 0x00000015 jmp 00007FE419596852h 0x0000001a push eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FE419596851h 0x00000022 or ax, 8B06h 0x00000027 jmp 00007FE419596851h 0x0000002c popfd 0x0000002d pushfd 0x0000002e jmp 00007FE419596850h 0x00000033 add ax, B1A8h 0x00000038 jmp 00007FE41959684Bh 0x0000003d popfd 0x0000003e popad 0x0000003f xchg eax, ebp 0x00000040 jmp 00007FE419596856h 0x00000045 mov ebp, esp 0x00000047 jmp 00007FE419596850h 0x0000004c pop ebp 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 mov dx, cx 0x00000053 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 546013D second address: 54601A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE418722677h 0x00000009 xor cx, D67Eh 0x0000000e jmp 00007FE418722679h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FE418722670h 0x0000001a jmp 00007FE418722675h 0x0000001f popfd 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54601A8 second address: 54601AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54601AC second address: 54601BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41872266Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54601BF second address: 54601C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 4AA5F2FAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54601C9 second address: 5460215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a mov ebx, 08CD269Eh 0x0000000f pop ebx 0x00000010 push eax 0x00000011 mov bh, 6Bh 0x00000013 pop eax 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 push edi 0x00000018 call 00007FE418722674h 0x0000001d pop ecx 0x0000001e pop edi 0x0000001f movzx ecx, dx 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 jmp 00007FE418722673h 0x0000002a pop ebp 0x0000002b pushad 0x0000002c push eax 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 540079A second address: 54007A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54007A0 second address: 54007A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54007A4 second address: 54007B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54007B3 second address: 54007B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54007B9 second address: 54007D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE419596853h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5460DCD second address: 5460ED0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418722671h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FE418722677h 0x00000011 sbb ecx, 3413CF5Eh 0x00000017 jmp 00007FE418722679h 0x0000001c popfd 0x0000001d mov edx, esi 0x0000001f popad 0x00000020 xchg eax, ecx 0x00000021 pushad 0x00000022 call 00007FE418722678h 0x00000027 pushfd 0x00000028 jmp 00007FE418722672h 0x0000002d and ax, 25B8h 0x00000032 jmp 00007FE41872266Bh 0x00000037 popfd 0x00000038 pop esi 0x00000039 push edi 0x0000003a jmp 00007FE418722674h 0x0000003f pop ecx 0x00000040 popad 0x00000041 mov eax, dword ptr [778165FCh] 0x00000046 jmp 00007FE418722671h 0x0000004b test eax, eax 0x0000004d jmp 00007FE41872266Eh 0x00000052 je 00007FE48AA55131h 0x00000058 pushad 0x00000059 movzx ecx, bx 0x0000005c call 00007FE418722673h 0x00000061 mov si, B09Fh 0x00000065 pop esi 0x00000066 popad 0x00000067 mov ecx, eax 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007FE41872266Eh 0x00000070 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5460ED0 second address: 5460F14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 08B4h 0x00000007 mov bx, FC20h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xor eax, dword ptr [ebp+08h] 0x00000011 jmp 00007FE419596854h 0x00000016 and ecx, 1Fh 0x00000019 pushad 0x0000001a mov ax, EDBDh 0x0000001e mov ah, A8h 0x00000020 popad 0x00000021 ror eax, cl 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FE419596850h 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 542006D second address: 542018C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FE41872266Fh 0x00000009 add si, EC9Eh 0x0000000e jmp 00007FE418722679h 0x00000013 popfd 0x00000014 mov ch, A8h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esp], ebp 0x0000001c jmp 00007FE418722673h 0x00000021 mov ebp, esp 0x00000023 jmp 00007FE418722676h 0x00000028 and esp, FFFFFFF8h 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007FE41872266Eh 0x00000032 add si, 3028h 0x00000037 jmp 00007FE41872266Bh 0x0000003c popfd 0x0000003d pushfd 0x0000003e jmp 00007FE418722678h 0x00000043 adc ecx, 3BDEE288h 0x00000049 jmp 00007FE41872266Bh 0x0000004e popfd 0x0000004f popad 0x00000050 xchg eax, ecx 0x00000051 jmp 00007FE418722676h 0x00000056 push eax 0x00000057 pushad 0x00000058 push edi 0x00000059 pop edi 0x0000005a pushfd 0x0000005b jmp 00007FE418722678h 0x00000060 and ch, 00000048h 0x00000063 jmp 00007FE41872266Bh 0x00000068 popfd 0x00000069 popad 0x0000006a xchg eax, ecx 0x0000006b pushad 0x0000006c push eax 0x0000006d push edx 0x0000006e pushfd 0x0000006f jmp 00007FE418722672h 0x00000074 adc al, FFFFFFA8h 0x00000077 jmp 00007FE41872266Bh 0x0000007c popfd 0x0000007d rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 542018C second address: 5420196 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 mov ebx, eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5420196 second address: 54201F8 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FE41872266Eh 0x00000008 adc cx, 8C08h 0x0000000d jmp 00007FE41872266Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebx 0x00000017 jmp 00007FE418722676h 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FE41872266Ch 0x00000026 sbb ecx, 71428198h 0x0000002c jmp 00007FE41872266Bh 0x00000031 popfd 0x00000032 mov dl, cl 0x00000034 popad 0x00000035 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54201F8 second address: 5420286 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596852h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FE419596850h 0x0000000f mov ebx, dword ptr [ebp+10h] 0x00000012 jmp 00007FE419596850h 0x00000017 xchg eax, esi 0x00000018 jmp 00007FE419596850h 0x0000001d push eax 0x0000001e pushad 0x0000001f push ebx 0x00000020 pushad 0x00000021 popad 0x00000022 pop esi 0x00000023 movsx ebx, cx 0x00000026 popad 0x00000027 xchg eax, esi 0x00000028 jmp 00007FE419596852h 0x0000002d mov esi, dword ptr [ebp+08h] 0x00000030 jmp 00007FE419596850h 0x00000035 xchg eax, edi 0x00000036 pushad 0x00000037 mov ax, 3BADh 0x0000003b mov ch, E5h 0x0000003d popad 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 mov ecx, edx 0x00000044 movsx ebx, si 0x00000047 popad 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5420286 second address: 54202D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41872266Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FE418722674h 0x00000011 jmp 00007FE418722675h 0x00000016 popfd 0x00000017 mov ebx, eax 0x00000019 popad 0x0000001a test esi, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov ecx, ebx 0x00000021 mov si, dx 0x00000024 popad 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54202D4 second address: 54202DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54202DA second address: 54202DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54202DE second address: 542031B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FE48B904B75h 0x0000000e jmp 00007FE419596852h 0x00000013 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001a pushad 0x0000001b mov dl, ch 0x0000001d push edi 0x0000001e mov edx, esi 0x00000020 pop eax 0x00000021 popad 0x00000022 je 00007FE48B904B64h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b movzx esi, dx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 542031B second address: 5420320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5420320 second address: 54203D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596852h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [esi+44h] 0x0000000c pushad 0x0000000d mov cl, DEh 0x0000000f mov cx, dx 0x00000012 popad 0x00000013 or edx, dword ptr [ebp+0Ch] 0x00000016 jmp 00007FE419596855h 0x0000001b test edx, 61000000h 0x00000021 jmp 00007FE41959684Eh 0x00000026 jne 00007FE48B904B62h 0x0000002c jmp 00007FE419596850h 0x00000031 test byte ptr [esi+48h], 00000001h 0x00000035 pushad 0x00000036 mov edx, eax 0x00000038 pushfd 0x00000039 jmp 00007FE41959684Ah 0x0000003e and ecx, 6AA9DE18h 0x00000044 jmp 00007FE41959684Bh 0x00000049 popfd 0x0000004a popad 0x0000004b jne 00007FE48B904B40h 0x00000051 jmp 00007FE419596856h 0x00000056 test bl, 00000007h 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007FE41959684Ah 0x00000062 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54203D4 second address: 54203DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54203DA second address: 54203E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54203E0 second address: 54203E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543003B second address: 5430071 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596851h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FE41959684Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FE41959684Dh 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430071 second address: 5430075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430075 second address: 543007B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543007B second address: 5430092 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE418722673h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430092 second address: 5430130 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596859h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FE41959684Ch 0x00000013 jmp 00007FE419596855h 0x00000018 popfd 0x00000019 jmp 00007FE419596850h 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 pushad 0x00000022 pushad 0x00000023 movzx esi, di 0x00000026 popad 0x00000027 jmp 00007FE419596855h 0x0000002c popad 0x0000002d and esp, FFFFFFF8h 0x00000030 pushad 0x00000031 mov ecx, edx 0x00000033 popad 0x00000034 push esp 0x00000035 jmp 00007FE419596852h 0x0000003a mov dword ptr [esp], ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007FE41959684Ah 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430130 second address: 5430134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430134 second address: 543013A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543013A second address: 5430157 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41872266Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f mov dx, 35DEh 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430157 second address: 5430166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE41959684Bh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430166 second address: 5430175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430175 second address: 5430179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430179 second address: 543017F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543017F second address: 5430217 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edi 0x00000005 jmp 00007FE419596852h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, esi 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FE41959684Eh 0x00000015 sub ecx, 35BCD838h 0x0000001b jmp 00007FE41959684Bh 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007FE419596858h 0x00000027 sub cl, FFFFFF98h 0x0000002a jmp 00007FE41959684Bh 0x0000002f popfd 0x00000030 popad 0x00000031 mov esi, dword ptr [ebp+08h] 0x00000034 jmp 00007FE419596856h 0x00000039 sub ebx, ebx 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007FE419596853h 0x00000044 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430217 second address: 543021D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430367 second address: 543038D instructions: 0x00000000 rdtsc 0x00000002 mov dx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushfd 0x0000000a jmp 00007FE41959684Ah 0x0000000f or ecx, 3BC11988h 0x00000015 jmp 00007FE41959684Bh 0x0000001a popfd 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543038D second address: 5430398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430398 second address: 543039D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543039D second address: 5430413 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 mov edi, 04E7FBE8h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebx 0x0000000e jmp 00007FE418722677h 0x00000013 xchg eax, ebx 0x00000014 jmp 00007FE418722676h 0x00000019 push eax 0x0000001a pushad 0x0000001b movsx edi, ax 0x0000001e mov bh, al 0x00000020 popad 0x00000021 xchg eax, ebx 0x00000022 jmp 00007FE418722675h 0x00000027 push dword ptr [ebp+14h] 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d jmp 00007FE418722673h 0x00000032 pushad 0x00000033 popad 0x00000034 popad 0x00000035 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543045D second address: 5430463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430463 second address: 5430467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5430467 second address: 543046B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 543046B second address: 54304A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 jmp 00007FE418722677h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FE418722675h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54304A3 second address: 54304D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596851h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esp, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FE419596858h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54304D6 second address: 54304E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41872266Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491884 second address: 5491888 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491888 second address: 549188E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 549188E second address: 5491894 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491894 second address: 5491898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491898 second address: 54918DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007FE419596850h 0x00000011 pop esi 0x00000012 pushfd 0x00000013 jmp 00007FE41959684Bh 0x00000018 adc ch, 0000005Eh 0x0000001b jmp 00007FE419596859h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54918DF second address: 549192D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FE418722677h 0x00000008 pushfd 0x00000009 jmp 00007FE418722678h 0x0000000e and cx, E4B8h 0x00000013 jmp 00007FE41872266Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 549192D second address: 5491931 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491931 second address: 5491937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491937 second address: 549193C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 549193C second address: 549197F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FE41872266Ch 0x00000012 and cx, 7E48h 0x00000017 jmp 00007FE41872266Bh 0x0000001c popfd 0x0000001d jmp 00007FE418722678h 0x00000022 popad 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 549197F second address: 5491998 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE41959684Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 0000007Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491998 second address: 549199E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 549199E second address: 54919E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596854h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d pushad 0x0000000e mov bx, si 0x00000011 pushfd 0x00000012 jmp 00007FE41959684Ah 0x00000017 add ax, 5568h 0x0000001c jmp 00007FE41959684Bh 0x00000021 popfd 0x00000022 popad 0x00000023 push dword ptr [ebp+08h] 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 mov edx, 41E1ECD6h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54919E8 second address: 54919ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54919ED second address: 5491A0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FE419596859h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491A0A second address: 5491A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5491A64 second address: 5491884 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE419596853h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a retn 0004h 0x0000000d lea eax, dword ptr [ebp-10h] 0x00000010 push eax 0x00000011 call ebx 0x00000013 mov edi, edi 0x00000015 jmp 00007FE419596851h 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FE419596858h 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 545087B second address: 5450881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450881 second address: 5450885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 5450885 second address: 54508ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FE418722674h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FE41872266Eh 0x00000013 or cx, 0068h 0x00000018 jmp 00007FE41872266Bh 0x0000001d popfd 0x0000001e mov esi, 11F0865Fh 0x00000023 popad 0x00000024 push eax 0x00000025 jmp 00007FE418722675h 0x0000002a xchg eax, ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FE41872266Dh 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54508ED second address: 54508F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54508F3 second address: 54508F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54508F7 second address: 54508FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\jUlAlD6KHz.exe |
RDTSC instruction interceptor: First address: 54508FB second address: 5450919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FE418722672h 0x00000011 rdtsc |
Source: RageMP131.exe, 00000018.00000003.1981671193.0000000005D35000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_995F9B50* |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: netportal.hdfcbank.comVMware20,11696492231 |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}*H |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696492( |
Source: RageMP131.exe, 00000014.00000002.2137292986.0000000001650000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000ts |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696 |
Source: MPGPH131.exe, 00000011.00000002.2182717521.00000000010FB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWk |
Source: MPGPH131.exe, 00000010.00000002.2213933698.0000000005D2F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}lt_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":" |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ra Change Transaction PasswordVMware20,11696492231 |
Source: RageMP131.exe, 00000018.00000003.1970677593.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ebrokers.co.inVMware20,11696492231d |
Source: MPGPH131.exe, 00000011.00000002.2182717521.00000000010BC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000& |
Source: Amcache.hve.34.dr |
Binary or memory string: vmci.sys |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: global block list test formVMware20,11696492231 |
Source: RageMP131.exe, 00000014.00000003.1970912502.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,1169649223k& |
Source: MPGPH131.exe, 00000010.00000002.2213933698.0000000005D18000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: bankofamerica.comVMware20,11696492231x |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: comVMware20,11696492231o |
Source: RageMP131.exe, 00000014.00000003.1967668419.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: billing_address_id.comVMware20,11696492 |
Source: RageMP131.exe, 00000014.00000002.2137292986.0000000001713000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: -c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_995F9B50* |
Source: RageMP131.exe, 00000018.00000003.1970677593.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: .utiitsl.comVMware20,11696492238 |
Source: Amcache.hve.34.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: RageMP131.exe, 00000014.00000003.1967668419.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: .comVMware20,11696492 |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware Virtual RAM |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: HARtive Brokers - non-EU EuropeVMware20,11696492231 |
Source: RageMP131.exe, 00000014.00000003.1396822392.00000000016A9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}q |
Source: Amcache.hve.34.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW} |
Source: RageMP131.exe, 00000018.00000003.1475893699.00000000009FD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}t |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: turbotax.intuit.comVMware20,11696492231t |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Interactive Brokers - HKVMware20,11696492231] |
Source: MPGPH131.exe, MPGPH131.exe, 00000011.00000002.2179700317.00000000006F7000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000014.00000002.2132704164.0000000000FF7000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000018.00000002.2149542475.0000000000FF7000.00000040.00000001.01000000.00000007.sdmp |
Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__ |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: interactivebrokers.co.inVMware20,11696492231d |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tive Brokers - non-EU EuropeVMware20,11696492231 |
Source: RageMP131.exe, 00000018.00000003.1981671193.0000000005D35000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231 |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,116 |
Source: RageMP131.exe, 00000014.00000003.1967668419.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: nickname.utiitsl.comVMware20,1169649223 |
Source: Amcache.hve.34.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWr' |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\User Data\Default\Local Storage\leveldb\000003.logj |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231 |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231 |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: formVMware20,11696492231 |
Source: jUlAlD6KHz.exe, 00000000.00000003.1289337896.00000000014DC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}T |
Source: Amcache.hve.34.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: RageMP131.exe, 00000014.00000003.1970912502.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696492 |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: r global passwords blocklistVMware20,11696492231 |
Source: RageMP131.exe, 00000014.00000003.1967668419.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696(h& |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: www.interactivebrokers.comVMware20,11696492231} |
Source: Amcache.hve.34.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.34.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: RageMP131.exe, 00000018.00000003.1970677593.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: nickname.utiitsl.comVMware20,11696492238 |
Source: RageMP131.exe, 00000014.00000002.2137292986.000000000171E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}fox\Profiles\fu7wner3.default-release\cookies.sqlite |
Source: RageMP131.exe, 00000014.00000003.1970912502.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,1169649223 |
Source: MPGPH131.exe, 00000011.00000002.2182717521.00000000010FB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\User Data\Default\Local Storage\leveldb\000003.logC |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CT service, encrypted_token FROM token_servicerr global passwords blocklistVMware20,11696492231 |
Source: jUlAlD6KHz.exe, 00000000.00000002.2132570020.0000000000C07000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000010.00000002.2203265512.00000000006F7000.00000040.00000001.01000000.00000006.sdmp, MPGPH131.exe, 00000011.00000002.2179700317.00000000006F7000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000014.00000002.2132704164.0000000000FF7000.00000040.00000001.01000000.00000007.sdmp, RageMP131.exe, 00000018.00000002.2149542475.0000000000FF7000.00000040.00000001.01000000.00000007.sdmp |
Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please, |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014CC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&v |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696492231} |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: o.inVMware20,11696492231~ |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: outlook.office.comVMware20,11696492231s |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: AMC password management pageVMware20,11696492231 |
Source: RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\User Data\WorkspacesNavigationComponent\Network\* |
Source: RageMP131.exe, 00000018.00000003.1970677593.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696H |
Source: Amcache.hve.34.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: pageformVMware20,11696492231 |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: interactivebrokers.comVMware20,11696492231 |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014CC000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp, jUlAlD6KHz.exe, 00000000.00000003.1893108875.00000000014F8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2182717521.00000000010FB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000011.00000002.2182717521.00000000010BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.000000000165E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000018.00000002.2146898769.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: jUlAlD6KHz.exe, 00000000.00000003.2003869345.00000000063A4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}ta=C:\ProgramDataProgramFiles=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user~1\AppData\Local\TempTMP=C:\Users\user~1\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows|| |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^ |
Source: MPGPH131.exe, 00000011.00000003.1332027869.00000000010CB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: outlook.office365.comVMware20,11696492231t |
Source: RageMP131.exe, 00000014.00000003.1970912502.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696xb& |
Source: Amcache.hve.34.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: discord.comVMware20,11696492231f |
Source: RageMP131.exe, 00000018.00000003.1970677593.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: billing_address_id.comVMware20,11696492( |
Source: RageMP131.exe, 00000018.00000003.1981671193.0000000005D35000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_995F9B50 |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWen-GBnI_ |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,1169649223 |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~ |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\User Data\Default\Local Storage\leveldb\000003.log |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014ED000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\** |
Source: RageMP131.exe, 00000018.00000003.1475893699.00000000009FD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}] |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: tasks.office.comVMware20,11696492231o |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.34.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.34.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: account.microsoft.com/profileVMware20,11696492231u |
Source: Amcache.hve.34.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231 |
Source: jUlAlD6KHz.exe, 00000000.00000002.2136263704.00000000014DB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}V |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: RageMP131.exe, 00000014.00000002.2137292986.000000000171E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\User Data\efbglgofoippbgcjepnhiblaibcnclgk\CURRENTN |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231 |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Canara Transaction PasswordVMware20,11696492231x |
Source: Amcache.hve.34.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E5C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&2 |
Source: RageMP131.exe, 00000018.00000003.1970677593.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: s.portal.azure.comVMware20,11696492231 |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ccount.microsoft.com/profileVMware20,11696492231u |
Source: Amcache.hve.34.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.34.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.34.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.34.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: RageMP131.exe, 00000018.00000002.2146898769.00000000009F7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}u |
Source: MPGPH131.exe, 00000010.00000002.2204526510.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\User Data\igkpcodhieompeloncfnbekccinhapdb\CURRENT |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016A7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}p |
Source: Amcache.hve.34.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: jUlAlD6KHz.exe, 00000000.00000003.1289337896.00000000014DC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}k |
Source: RageMP131.exe, 00000014.00000002.2137292986.0000000001713000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: -c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_995F9B50 |
Source: RageMP131.exe, 00000018.00000002.2146898769.00000000009E4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&V |
Source: MPGPH131.exe, 00000011.00000002.2182717521.00000000010CB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SIk&Ven_VMware&Prod_Vidi&1656f219&0&000000#{07f-11d0-94f2-00a0c91e |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: dev.azure.comVMware20,11696492231j |
Source: RageMP131.exe, 00000018.00000003.1976842354.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: rootpagecomVMware20,11696492231o |
Source: RageMP131.exe, 00000014.00000002.2137292986.000000000169A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000s\user~1\AppData\Local\TempS |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h |
Source: RageMP131.exe, 00000014.00000003.1967668419.000000000625B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: .utiitsl.comVMware20,1169649223 |
Source: Amcache.hve.34.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.34.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: RageMP131.exe, 00000018.00000003.1970677593.0000000005D50000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: .comVMware20,11696492( |
Source: RageMP131.exe, 00000014.00000002.2137292986.00000000016BE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWL |
Source: DfTWXkt7bFHWWeb Data.24.dr |
Binary or memory string: ms.portal.azure.comVMware20,11696492231 |