00000000.00000003.2131398179.0000000007632000.00000004.00000020.00020000.00000000.sdmp, OUZXNOqKXg.exe, 00000000.00000003.2139144057.0000000007632000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: MPGPH131.exe, 00000006.00000002.2514314393.00000000079CC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2279686406.00000000079CC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/r |
Source: OUZXNOqKXg.exe, 00000000.00000002.2513399708.00000000075D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/ve |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: webio.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: apphelp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winmm.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rstrtmgr.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncrypt.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ntasn1.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d11.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxgi.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: resourcepolicyclient.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: d3d10warp.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dxcore.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winhttp.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: devobj.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: webio.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: winnsi.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: dnsapi.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rasadhlp.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: schannel.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FA98D1 second address: FA98DF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F3E94B7DA5Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEB632 second address: FEB638 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEB638 second address: FEB63F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEA849 second address: FEA84D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEA84D second address: FEA857 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3E94929496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEB6BD second address: FEB6C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEB6C1 second address: FEB6E6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F3E94929496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F3E949294A8h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEB6E6 second address: FEB6F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FEC727 second address: FEC731 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3E94929496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FF07D8 second address: FF0863 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3E952D7946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 jmp 00007F3E952D7952h 0x00000015 popad 0x00000016 nop 0x00000017 call 00007F3E952D7950h 0x0000001c push eax 0x0000001d mov ebx, dword ptr [ebp+122D37E3h] 0x00000023 pop edi 0x00000024 pop ebx 0x00000025 mov bx, di 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F3E952D7948h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 00000014h 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 push 00000000h 0x00000046 push 00000000h 0x00000048 push esi 0x00000049 call 00007F3E952D7948h 0x0000004e pop esi 0x0000004f mov dword ptr [esp+04h], esi 0x00000053 add dword ptr [esp+04h], 00000019h 0x0000005b inc esi 0x0000005c push esi 0x0000005d ret 0x0000005e pop esi 0x0000005f ret 0x00000060 mov edi, 757E89B4h 0x00000065 push eax 0x00000066 push ecx 0x00000067 pushad 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FED855 second address: FED869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3E9492949Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FF1730 second address: FF173F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FF173F second address: FF1743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FF1743 second address: FF1749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FED869 second address: FED8B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a call 00007F3E9492949Ch 0x0000000f mov ebx, dword ptr [ebp+122D27E9h] 0x00000015 pop edi 0x00000016 push dword ptr fs:[00000000h] 0x0000001d or edi, 39B96CE1h 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a mov edi, dword ptr [ebp+122D1B08h] 0x00000030 mov eax, dword ptr [ebp+122D15B9h] 0x00000036 xor dword ptr [ebp+12471299h], esi 0x0000003c push FFFFFFFFh 0x0000003e mov bx, dx 0x00000041 nop 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FED8B8 second address: FED8BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FED8BE second address: FED8C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FED8C4 second address: FED8C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FED8C8 second address: FED8E8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F3E949294A3h 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FF3758 second address: FF3761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FF4728 second address: FF4733 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F3E94929496h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FF3913 second address: FF3917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FFC991 second address: FFC995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FFC995 second address: FFC99E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FFE50E second address: FFE548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F3E949294A2h 0x0000000b jmp 00007F3E9492949Fh 0x00000010 jmp 00007F3E949294A2h 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1002C97 second address: 1002C9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100738F second address: 1007395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1007395 second address: 1007399 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1007399 second address: 100739D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100739D second address: 10073A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 10073A3 second address: 10073E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop ebx 0x00000011 jmp 00007F3E9492949Ch 0x00000016 jc 00007F3E949294AEh 0x0000001c jmp 00007F3E949294A8h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 10073E2 second address: 10073E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1007B04 second address: 1007B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3E9492949Fh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1007C91 second address: 1007CB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007F3E952D7946h 0x0000000d jmp 00007F3E952D7956h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100BD3A second address: 100BD40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100BD40 second address: 100BD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F3E952D7946h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100BD4F second address: 100BD57 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100BD57 second address: 100BD61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F3E952D7946h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2AA8 second address: FE2AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2B1C second address: FE2B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D7952h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push esi 0x0000000c push ebx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 pop esi 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F3E952D7955h 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2B55 second address: FE2B68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E9492949Fh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2B68 second address: FE2B80 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jc 00007F3E952D7952h 0x00000010 jns 00007F3E952D794Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2B80 second address: FE2BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp+04h], eax 0x00000008 pushad 0x00000009 jmp 00007F3E949294A9h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F3E94929496h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2BAA second address: FE2BDB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 or dword ptr [ebp+122D2538h], eax 0x0000000e push D73D084Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F3E952D7958h 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2CBE second address: FE2CE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F3E949294A5h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2CE3 second address: FE2CE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2CE8 second address: FE2CEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2FD6 second address: FE2FDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2FDA second address: FE2FE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE2FE4 second address: FE2FF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov cx, D64Ah 0x0000000c push 00000004h 0x0000000e nop 0x0000000f push ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE3530 second address: FE353A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F3E94929496h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE3688 second address: FE36A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E952D7958h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE36A4 second address: FE36DC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3E94929496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jp 00007F3E9492949Eh 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jne 00007F3E949294A2h 0x0000001d mov eax, dword ptr [eax] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE36DC second address: FE36E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE36E3 second address: FE370F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3E949294ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE370F second address: FE3715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE3794 second address: FE379E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F3E94929496h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE379E second address: FE37BF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3E952D7946h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3E952D7952h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE37BF second address: FE3825 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jne 00007F3E9492949Eh 0x00000011 lea eax, dword ptr [ebp+1247F3BEh] 0x00000017 jg 00007F3E949294B4h 0x0000001d nop 0x0000001e push esi 0x0000001f jno 00007F3E949294A3h 0x00000025 pop esi 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a jns 00007F3E94929496h 0x00000030 push ecx 0x00000031 pop ecx 0x00000032 popad 0x00000033 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE3825 second address: FE382A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE382A second address: FE3853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 jng 00007F3E9492949Bh 0x0000000e sub di, BFD7h 0x00000013 lea eax, dword ptr [ebp+1247F37Ah] 0x00000019 xor dword ptr [ebp+122D1A50h], edx 0x0000001f nop 0x00000020 jc 00007F3E9492949Eh 0x00000026 push edi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FE3853 second address: FC1F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jne 00007F3E952D795Dh 0x0000000c nop 0x0000000d jnp 00007F3E952D794Ch 0x00000013 call dword ptr [ebp+1244FAF4h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FC1F24 second address: FC1F2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FC1F2A second address: FC1F39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D794Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FC1F39 second address: FC1F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: FC1F43 second address: FC1F58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F3E952D794Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: F9E637 second address: F9E64E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F3E9492949Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C1D5 second address: 100C1D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C34F second address: 100C355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C355 second address: 100C35E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C35E second address: 100C364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C4A4 second address: 100C4A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C4A8 second address: 100C4B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C4B0 second address: 100C4E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jl 00007F3E952D7946h 0x00000009 jmp 00007F3E952D7951h 0x0000000e pop eax 0x0000000f push ebx 0x00000010 jmp 00007F3E952D7957h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C78F second address: 100C797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C797 second address: 100C7BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F3E952D7946h 0x0000000a popad 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jnc 00007F3E952D7946h 0x00000019 jmp 00007F3E952D794Dh 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100C94D second address: 100C952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 100FD17 second address: 100FD34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop edi 0x00000011 jo 00007F3E952D794Ch 0x00000017 jbe 00007F3E952D7946h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 101894E second address: 1018952 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1018952 second address: 1018974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E952D7957h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1018974 second address: 10189A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 ja 00007F3E9492949Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007F3E949294A7h 0x00000016 pop ebx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1017598 second address: 10175AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3E952D794Ch 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 10176E2 second address: 1017711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E9492949Eh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F3E949294A5h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 1017711 second address: 101772C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E952D7956h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 101772C second address: 1017733 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C01EC second address: 49C01FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 call 00007F3E952D794Ch 0x0000000b pop esi 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C01FF second address: 49C0226 instructions: 0x00000000 rdtsc 0x00000002 call 00007F3E9492949Bh 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3E949294A2h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C0226 second address: 49C0271 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3E952D7951h 0x00000009 add si, 6D06h 0x0000000e jmp 00007F3E952D7951h 0x00000013 popfd 0x00000014 movzx eax, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3E952D7956h 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20EF4 second address: 4A20EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20EF8 second address: 4A20EFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20EFE second address: 4A20F94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ch 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F3E9492949Fh 0x00000013 xor ax, 64FEh 0x00000018 jmp 00007F3E949294A9h 0x0000001d popfd 0x0000001e push eax 0x0000001f call 00007F3E949294A7h 0x00000024 pop esi 0x00000025 pop ebx 0x00000026 popad 0x00000027 xchg eax, ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushad 0x0000002c popad 0x0000002d pushfd 0x0000002e jmp 00007F3E949294A7h 0x00000033 adc eax, 2CD8146Eh 0x00000039 jmp 00007F3E949294A9h 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20F94 second address: 4A20F9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20F9A second address: 4A20F9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20F9E second address: 4A20FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3E952D7952h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0DF9 second address: 49B0DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0DFD second address: 49B0E01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E01 second address: 49B0E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E07 second address: 49B0E16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E952D794Bh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E16 second address: 49B0E1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E1A second address: 49B0E2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ebx, 7DA2B152h 0x00000011 mov ax, di 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E2F second address: 49B0E50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E949294A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E50 second address: 49B0E54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E54 second address: 49B0E71 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E949294A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E71 second address: 49B0E77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E77 second address: 49B0E7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0E7B second address: 49B0EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F3E952D794Fh 0x0000000f push dword ptr [ebp+04h] 0x00000012 jmp 00007F3E952D7956h 0x00000017 push dword ptr [ebp+0Ch] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F3E952D794Ah 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0EBE second address: 49B0EC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49B0EC2 second address: 49B0EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20B5B second address: 4A20B61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20B61 second address: 4A20B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20B67 second address: 4A20B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20B6B second address: 4A20BBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c mov ebx, eax 0x0000000e push ecx 0x0000000f call 00007F3E952D7955h 0x00000014 pop esi 0x00000015 pop edx 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 jmp 00007F3E952D794Ch 0x0000001e pop ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F3E952D7957h 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20BBA second address: 4A20BC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20BC0 second address: 4A20BC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00BE8 second address: 4A00BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00BEC second address: 4A00BF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00BF2 second address: 4A00C1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E9492949Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3E949294A7h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00C1A second address: 4A00C1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00C1F second address: 4A00C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov di, si 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00C2F second address: 4A00C41 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 1405FEFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov edi, eax 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00C41 second address: 4A00C57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ax, B20Bh 0x0000000a popad 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov dh, 3Bh 0x00000012 movzx esi, dx 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00C57 second address: 4A00C5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A5007F second address: 4A500A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 484F5A97h 0x00000008 mov bh, ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e pushad 0x0000000f jmp 00007F3E949294A5h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30A51 second address: 4A30A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3E952D794Dh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30A63 second address: 4A30A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30A69 second address: 4A30A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30A6D second address: 4A30A71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30A71 second address: 4A30A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movsx edx, cx 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30A81 second address: 4A30ACE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E9492949Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F3E949294A6h 0x00000011 mov ebp, esp 0x00000013 jmp 00007F3E949294A0h 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3E9492949Ah 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30ACE second address: 4A30AD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30AD2 second address: 4A30AD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C0896 second address: 49C08FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3E952D7957h 0x00000008 pushfd 0x00000009 jmp 00007F3E952D7958h 0x0000000e xor si, 5508h 0x00000013 jmp 00007F3E952D794Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ebp, esp 0x0000001e jmp 00007F3E952D7956h 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C08FC second address: 49C0900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C0900 second address: 49C0904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C0904 second address: 49C090A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49C090A second address: 49C090F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20C1A second address: 4A20C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A20C1E second address: 4A20C24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A3030B second address: 4A3033A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E949294A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3E9492949Dh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A3033A second address: 4A3034A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E952D794Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00B17 second address: 4A00B1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00B1E second address: 4A00B93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3E952D7953h 0x00000009 sbb ecx, 21CC828Eh 0x0000000f jmp 00007F3E952D7959h 0x00000014 popfd 0x00000015 mov cx, 0197h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d jmp 00007F3E952D794Ah 0x00000022 mov ebp, esp 0x00000024 jmp 00007F3E952D7950h 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F3E952D7957h 0x00000031 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00B93 second address: 4A00BAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E949294A4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30C63 second address: 4A30C69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30C69 second address: 4A30C80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E949294A3h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A30C80 second address: 4A30CC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D7959h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F3E952D794Eh 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 call 00007F3E952D794Dh 0x0000001b pop ecx 0x0000001c mov ebx, 522DF2D4h 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49E08A5 second address: 49E08B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E9492949Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 49E08B5 second address: 49E08DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov eax, edx 0x0000000d mov dh, C7h 0x0000000f popad 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F3E952D7957h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A409CE second address: 4A40A1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E949294A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b call 00007F3E949294A7h 0x00000010 mov ch, C7h 0x00000012 pop ebx 0x00000013 popad 0x00000014 xchg eax, ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F3E949294A9h 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40A1E second address: 4A40A33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D7951h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40A33 second address: 4A40A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3E9492949Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40A43 second address: 4A40A59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3E952D794Ah 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40A59 second address: 4A40A8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 jmp 00007F3E949294A8h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F3E9492949Eh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40A8B second address: 4A40A91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40A91 second address: 4A40A95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40BD9 second address: 4A40BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40BDF second address: 4A40BE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A0001C second address: 4A00043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D7951h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3E952D794Dh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00043 second address: 4A00049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00049 second address: 4A00067 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3E952D7952h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00067 second address: 4A0006D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A0006D second address: 4A0012B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b jmp 00007F3E952D7959h 0x00000010 xchg eax, ecx 0x00000011 pushad 0x00000012 jmp 00007F3E952D794Ch 0x00000017 mov ax, 1361h 0x0000001b popad 0x0000001c push eax 0x0000001d jmp 00007F3E952D7957h 0x00000022 xchg eax, ecx 0x00000023 pushad 0x00000024 mov di, cx 0x00000027 pushfd 0x00000028 jmp 00007F3E952D7950h 0x0000002d or eax, 2328DC58h 0x00000033 jmp 00007F3E952D794Bh 0x00000038 popfd 0x00000039 popad 0x0000003a xchg eax, ebx 0x0000003b pushad 0x0000003c pushad 0x0000003d pushfd 0x0000003e jmp 00007F3E952D7952h 0x00000043 and cx, 66B8h 0x00000048 jmp 00007F3E952D794Bh 0x0000004d popfd 0x0000004e movzx eax, di 0x00000051 popad 0x00000052 mov di, EDE8h 0x00000056 popad 0x00000057 push eax 0x00000058 jmp 00007F3E952D794Eh 0x0000005d xchg eax, ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A0012B second address: 4A0012F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A0012F second address: 4A00135 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00135 second address: 4A0013B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A0013B second address: 4A00172 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b pushad 0x0000000c mov esi, 31173BBFh 0x00000011 mov ecx, 180DD4DBh 0x00000016 popad 0x00000017 xchg eax, esi 0x00000018 jmp 00007F3E952D794Eh 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F3E952D794Eh 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A00172 second address: 4A001A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, C784h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, esi 0x0000000d pushad 0x0000000e mov edi, 564BB4FAh 0x00000013 mov ecx, edi 0x00000015 popad 0x00000016 mov esi, dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F3E949294A8h 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A001A5 second address: 4A001E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 8214h 0x00000007 mov cx, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push ecx 0x0000000e pushad 0x0000000f mov ah, E2h 0x00000011 movsx edx, cx 0x00000014 popad 0x00000015 mov dword ptr [esp], edi 0x00000018 jmp 00007F3E952D7956h 0x0000001d test esi, esi 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F3E952D794Ah 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A001E3 second address: 4A001E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A001E9 second address: 4A0020D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F3E952D794Ch 0x00000009 sbb esi, 66B06F58h 0x0000000f jmp 00007F3E952D794Bh 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A8040C second address: 4A80410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A80410 second address: 4A80416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A80416 second address: 4A8041C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A8041C second address: 4A80420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A403F6 second address: 4A403FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A403FC second address: 4A40430 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E949294A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e mov di, 9232h 0x00000012 mov edx, 38019F7Eh 0x00000017 popad 0x00000018 movsx edi, si 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push ebx 0x00000021 pop ecx 0x00000022 push ebx 0x00000023 pop eax 0x00000024 popad 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40430 second address: 4A40436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40436 second address: 4A4043A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A4043A second address: 4A40464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D794Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F3E952D7950h 0x00000012 and esp, FFFFFFF0h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40464 second address: 4A4049D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F3E949294A3h 0x0000000a adc ecx, 045F6EEEh 0x00000010 jmp 00007F3E949294A9h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A4049D second address: 4A404A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A404A3 second address: 4A404C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 44h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3E949294A2h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A404C2 second address: 4A404F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D794Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushfd 0x0000000e jmp 00007F3E952D7952h 0x00000013 add al, FFFFFFF8h 0x00000016 jmp 00007F3E952D794Bh 0x0000001b popfd 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A404F7 second address: 4A4051E instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, ebx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3E949294A8h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A4051E second address: 4A4052D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D794Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A4052D second address: 4A4055A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E949294A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3E9492949Dh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A4055A second address: 4A40599 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 movzx esi, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007F3E952D7950h 0x00000012 mov dword ptr [esp], esi 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushfd 0x00000019 jmp 00007F3E952D794Ch 0x0000001e or ch, FFFFFFA8h 0x00000021 jmp 00007F3E952D794Bh 0x00000026 popfd 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40599 second address: 4A405E1 instructions: 0x00000000 rdtsc 0x00000002 call 00007F3E949294A8h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a movsx edx, si 0x0000000d popad 0x0000000e xchg eax, edi 0x0000000f jmp 00007F3E9492949Ah 0x00000014 push eax 0x00000015 pushad 0x00000016 mov bh, 79h 0x00000018 mov dx, ax 0x0000001b popad 0x0000001c xchg eax, edi 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F3E949294A0h 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A405E1 second address: 4A4067B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D7952h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c mov edi, dword ptr [ebp+08h] 0x0000000f pushad 0x00000010 jmp 00007F3E952D7959h 0x00000015 pushfd 0x00000016 jmp 00007F3E952D7950h 0x0000001b sbb eax, 67857158h 0x00000021 jmp 00007F3E952D794Bh 0x00000026 popfd 0x00000027 popad 0x00000028 mov dword ptr [esp+24h], 00000000h 0x00000030 pushad 0x00000031 mov dx, si 0x00000034 jmp 00007F3E952D7950h 0x00000039 popad 0x0000003a lock bts dword ptr [edi], 00000000h 0x0000003f jmp 00007F3E952D7950h 0x00000044 jc 00007F3F0775970Ch 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d push ebx 0x0000004e pop esi 0x0000004f pushad 0x00000050 popad 0x00000051 popad 0x00000052 rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A4067B second address: 4A40697 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E949294A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\OUZXNOqKXg.exe | RDTSC instruction interceptor: First address: 4A40697 second address: 4A406C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3E952D7953h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a movzx eax, bx 0x0000000d call 00007F3E952D794Bh 0x00000012 pop ecx 0x00000013 popad 0x00000014 popad 0x00000015 pop esi 0x00000016 pushad 0x00000017 pushad 0x00000018 mov ax, dx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc |
Source: OUZXNOqKXg.exe, 00000000.00000002.2513399708.00000000075D8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Dk&Ven_VMware&P |
Source: MPGPH131.exe, 00000006.00000002.2495907015.0000000000B07000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW(c |
Source: MPGPH131.exe, 00000007.00000002.2495829524.000000000077E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}ses_1 |
Source: OUZXNOqKXg.exe, 00000000.00000002.2496012876.0000000000688000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWen-GBn |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696 |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: .comVMware20,11696428 |
Source: MPGPH131.exe, 00000007.00000002.2495829524.00000000006EA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000& |
Source: Amcache.hve.12.dr | Binary or memory string: vmci.sys |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ebrokers.co.inVMware20,11696428655d |
Source: Amcache.hve.12.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.12.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.12.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.12.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: OUZXNOqKXg.exe, 00000000.00000002.2496012876.0000000000697000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}CCr |
Source: RageMP131.exe, 00000008.00000002.2351837318.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000) |
Source: MPGPH131.exe, 00000006.00000002.2495907015.0000000000B36000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \?\scsi_vmwaretual_dif219&0&3f563070-94f2-b8b}arq |
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000002.2505470223.00000000011D2000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000002.2352860524.0000000001302000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000D.00000002.2420492975.0000000001302000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__ |
Source: Amcache.hve.12.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: RageMP131.exe, 0000000D.00000002.2419611346.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ?\#disk&ven_vmware&prouask#4&1656f219&0&0000f5-b6bf-11d0-94f2-00a08b |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: discord.comVMware20,11696428655f |
Source: RageMP131.exe, 0000000D.00000003.2323284055.0000000000C08000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,116 |
Source: Amcache.hve.12.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: Amcache.hve.12.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: MPGPH131.exe, 00000007.00000002.2495829524.000000000077E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW4.# |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: RageMP131.exe, 00000008.00000002.2351837318.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}) |
Source: MPGPH131.exe, 00000007.00000002.2495829524.000000000074D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_9E83B3C8 |
Source: OUZXNOqKXg.exe, 00000000.00000002.2513399708.00000000075D8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_9E83B3C8T< |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: s.portal.azure.comVMware20,11696428655 |
Source: Amcache.hve.12.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.12.dr | Binary or memory string: vmci.syshbin` |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: Amcache.hve.12.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: RageMP131.exe, 0000000D.00000002.2419611346.0000000000B90000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&R |
Source: OUZXNOqKXg.exe, 00000000.00000002.2505288187.0000000000FB2000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000006.00000002.2505266709.00000000011D2000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000002.2505470223.00000000011D2000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000002.2352860524.0000000001302000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 0000000D.00000002.2420492975.0000000001302000.00000040.00000001.01000000.00000006.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please, |
Source: MPGPH131.exe, 00000006.00000002.2514884667.0000000007DE3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}FilesPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: billing_address_id.comVMware20,11696428 |
Source: Amcache.hve.12.dr | Binary or memory string: VMware |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: .utiitsl.comVMware20,1169642865 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: global block list test formVMware20,11696428655 |
Source: RageMP131.exe, 00000008.00000003.2274651037.0000000000E00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}( |
Source: Amcache.hve.12.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: MPGPH131.exe, 00000006.00000003.2144501333.0000000000B1D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11 |
Source: OUZXNOqKXg.exe, 00000000.00000002.2496012876.0000000000658000.00000004.00000020.00020000.00000000.sdmp, OUZXNOqKXg.exe, 00000000.00000002.2496012876.0000000000697000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.2495907015.0000000000B36000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2495829524.000000000077E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.2495829524.000000000073B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2351837318.0000000000E1B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2351837318.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.2351837318.0000000000E35000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2419611346.0000000000BED000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000D.00000002.2419611346.0000000000C22000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: MPGPH131.exe, 00000007.00000003.2275309335.0000000007925000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}7 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: RageMP131.exe, 00000008.00000002.2351837318.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}5 |
Source: RageMP131.exe, 0000000D.00000003.2323284055.0000000000C06000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: OUZXNOqKXg.exe, 00000000.00000002.2513399708.00000000075D8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}1 |
Source: Amcache.hve.12.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: OUZXNOqKXg.exe, 00000000.00000002.2513399708.00000000075D8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\Profiles\v6zchhhv.default-release\signons.sqlite |
Source: RageMP131.exe, 0000000D.00000002.2419611346.0000000000C00000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}d |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: nickname.utiitsl.comVMware20,1169642865 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: MPGPH131.exe, 00000007.00000003.2276669635.00000000007D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}` |
Source: Amcache.hve.12.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.12.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.12.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.12.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: Amcache.hve.12.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: MPGPH131.exe, 00000006.00000003.2273104760.0000000007A19000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ra Change Transaction PasswordVMware20,11696428655 |
Source: Amcache.hve.12.dr | Binary or memory string: VMware VMCI Bus Device |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: Amcache.hve.12.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: MPGPH131.exe, 00000006.00000003.2279686406.00000000079CC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.je,y.je,z.je,a.mr,b.mr,c.mr,d.mr,e.mr,f.mr,g.mr,h.mr,i.mr,j.mr,k.mr,l.mr,m.mr,n.mr,o.mr,p.mr,q.mr,r.mr,s. |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: Amcache.hve.12.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.12.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.12.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.12.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: MPGPH131.exe, 00000006.00000002.2495907015.0000000000B36000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: _vmware |
Source: Amcache.hve.12.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: Amcache.hve.12.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: RpnqHn0hU1iAWeb Data.0.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: Amcache.hve.12.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.12.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: MPGPH131.exe, 00000006.00000002.2495907015.0000000000B36000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWL |