Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe |
Source: MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe68.01t4 |
Source: MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/go.exe |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/go.exet |
Source: RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1965122157.00000000081D1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1831725867.00000000081D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/lenin.exe |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/lenin.exe; |
Source: MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/lenin.exeuu |
Source: RY5YJaMEWE.exe, 00000000.00000003.1782829200.000000000781E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exe |
Source: MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exe0.225 |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exe4 |
Source: MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exeKu |
Source: RY5YJaMEWE.exe, 00000000.00000003.1782829200.000000000781E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exelibermg |
Source: Amcache.hve.11.dr |
String found in binary or memory: http://upx.sf.net |
Source: RY5YJaMEWE.exe, 00000000.00000002.1966634727.0000000000E91000.00000040.00000001.01000000.00000003.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1607062296.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.1987575469.0000000000D31000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1676041729.0000000005620000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1927863301.0000000000D31000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1828117687.00000000054A0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1963824301.0000000000E71000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000013.00000002.2099361806.0000000000E71000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000013.00000003.1916661548.00000000056A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.winimage.com/zLibDll |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1967086376.00000000016F0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1967086376.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/ |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/3d; |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/?d |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225 |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.2255% |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225= |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225D |
Source: RageMP131.exe, 00000008.00000002.1967086376.00000000016F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225T |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/k/ |
Source: RageMP131.exe, 00000008.00000002.1967086376.00000000016F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/y |
Source: MPGPH131.exe, 00000006.00000002.1928633812.00000000018C0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001A8B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.150.225 |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.150.225A |
Source: MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1967086376.0000000001737000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.150.225P |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/ |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.00000000019B6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.00000000018C0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1967086376.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: MPGPH131.exe, 00000006.00000002.1928633812.00000000018B5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/TV |
Source: RY5YJaMEWE.exe, 00000000.00000002.1966634727.0000000000E91000.00000040.00000001.01000000.00000003.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1607062296.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.1987575469.0000000000D31000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.1676041729.0000000005620000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1927863301.0000000000D31000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000008.00000003.1828117687.00000000054A0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1963824301.0000000000E71000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000013.00000002.2099361806.0000000000E71000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000013.00000003.1916661548.00000000056A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: MPGPH131.exe, 00000006.00000002.1928633812.000000000187A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001ACD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/s |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000080C000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.0000000001969000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.00000000018C0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.000000000186B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1967086376.000000000168A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1967086376.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001A8B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.225 |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001A8B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.2256 |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000080C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.225F |
Source: MPGPH131.exe, 00000006.00000002.1928633812.000000000186B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.225g |
Source: MPGPH131.exe, 00000005.00000002.2003412221.00000000019B6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.225xD7 |
Source: MPGPH131.exe, 00000005.00000002.2003412221.0000000001957000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/y |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000082A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.00000000019B6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.00000000018C0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001A8B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.150.225 |
Source: RageMP131.exe, 00000008.00000002.1967086376.00000000016D9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.150.225m |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://support.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF |
Source: RY5YJaMEWE.exe, 00000000.00000003.1731614318.0000000007890000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1796854496.0000000008218000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1791710392.00000000081EB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1792026941.000000000820B000.00000004.00000020.00020000.00000000.sdmp, uCxVeEHNaogpHistory.6.dr, 0vRICwDDA0AEHistory.6.dr, mQv7wn9CFqHtHistory.0.dr, OwXvTgbw3rfMHistory.0.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: uCxVeEHNaogpHistory.6.dr, 0vRICwDDA0AEHistory.6.dr, mQv7wn9CFqHtHistory.0.dr, OwXvTgbw3rfMHistory.0.dr |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: RY5YJaMEWE.exe, 00000000.00000003.1731614318.0000000007890000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1796854496.0000000008218000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1791710392.00000000081EB000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1792026941.000000000820B000.00000004.00000020.00020000.00000000.sdmp, uCxVeEHNaogpHistory.6.dr, 0vRICwDDA0AEHistory.6.dr, mQv7wn9CFqHtHistory.0.dr, OwXvTgbw3rfMHistory.0.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: uCxVeEHNaogpHistory.6.dr, 0vRICwDDA0AEHistory.6.dr, mQv7wn9CFqHtHistory.0.dr, OwXvTgbw3rfMHistory.0.dr |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: RY5YJaMEWE.exe, 00000000.00000003.1782829200.000000000781E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000079E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2003412221.000000000192D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2006431706.0000000008180000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1928633812.000000000183A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1800568214.00000000081E4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1964682941.0000000008180000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.1967086376.000000000164E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001A8B000.00000004.00000020.00020000.00000000.sdmp, ayJ4OMtTVlGKUrWcidqotQg.zip.0.dr, KF_fRlziJ7p5GphJKRn0mxX.zip.6.dr |
String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: MPGPH131.exe, 00000005.00000002.2006431706.0000000008180000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1964682941.0000000008180000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORT= |
Source: MPGPH131.exe, 00000006.00000002.1928633812.000000000183A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTE |
Source: MPGPH131.exe, 00000005.00000002.2006431706.0000000008180000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTGb |
Source: MPGPH131.exe, 00000006.00000002.1964682941.0000000008180000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTI |
Source: RageMP131.exe, 00000008.00000002.1967086376.000000000164E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTc. |
Source: RY5YJaMEWE.exe, 00000000.00000002.1964458853.000000000079E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTr |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro7 |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro79 |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000013.00000002.2100259197.0000000001B73000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.0.dr, passwords.txt.6.dr |
String found in binary or memory: https://t.me/risepro_bot |
Source: MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_bot#; |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_bot)eV |
Source: RageMP131.exe, 00000008.00000002.1967086376.00000000016F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botisepro_bot |
Source: MPGPH131.exe, 00000005.00000002.2003412221.00000000019C2000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botisepro_botkt |
Source: MPGPH131.exe, 00000006.00000002.1928633812.00000000018D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botlater |
Source: RageMP131.exe, 00000008.00000002.1967086376.00000000016F0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botlaterH |
Source: RageMP131.exe, 00000013.00000002.2100259197.0000000001B11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botv |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RY5YJaMEWE.exe, 00000000.00000003.1733342484.00000000078AB000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732051317.00000000078A2000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731309434.0000000007883000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1790390523.00000000081FC000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793099877.000000000820B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797813192.0000000008229000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1793113278.000000000822D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1788630015.00000000081F4000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1789494955.0000000008206000.00000004.00000020.00020000.00000000.sdmp, ABmIzarrvOTcWeb Data.6.dr, MSpOulrR3IH2Web Data.6.dr, 5yrwZseMxE54Web Data.6.dr, L8kilZRULjEnWeb Data.0.dr, xi_e3rZqjpmOWeb Data.0.dr, gP77Ft0tqGf_Web Data.0.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RY5YJaMEWE.exe, MPGPH131.exe |
String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: RY5YJaMEWE.exe, 00000000.00000003.1782829200.000000000781E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2006431706.0000000008180000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1964682941.00000000081BF000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1965122157.00000000081D1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1831725867.00000000081D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: RY5YJaMEWE.exe, 00000000.00000002.1971808377.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731472266.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732456732.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1783043958.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732335452.000000000786A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1798274470.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1815613084.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1814996204.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1794402666.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1800915682.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797481502.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1788747211.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1859115974.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1792487402.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1791784189.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793588263.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1789360691.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2006473313.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1801682548.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1789758790.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1791339914.00000000081E3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: MPGPH131.exe, 00000006.00000002.1964682941.00000000081BF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/L |
Source: RY5YJaMEWE.exe, 00000000.00000003.1782829200.000000000781E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/X |
Source: D87fZN3R3jFeplaces.sqlite.0.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: RY5YJaMEWE.exe, 00000000.00000003.1782829200.000000000781E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2006431706.0000000008180000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1964682941.00000000081BF000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.1965122157.00000000081D1000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.1831725867.00000000081D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: MPGPH131.exe, 00000006.00000002.1964682941.00000000081BF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/efox/U |
Source: MPGPH131.exe, 00000005.00000002.2006431706.0000000008180000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/esktop |
Source: RY5YJaMEWE.exe, 00000000.00000002.1971808377.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1731472266.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732456732.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1783043958.000000000786A000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000003.1732335452.000000000786A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1798274470.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1815613084.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1814996204.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1794402666.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1800915682.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1797481502.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1788747211.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1859115974.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1792487402.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1791784189.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1793588263.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1789360691.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.2006473313.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1801682548.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 
00000005.00000003.1789758790.00000000081E3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.1791339914.00000000081E3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: RY5YJaMEWE.exe, 00000000.00000003.1782829200.000000000781E000.00000004.00000020.00020000.00000000.sdmp, RY5YJaMEWE.exe, 00000000.00000002.1971682167.000000000781E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/r |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: apphelp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winmm.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winmm.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: windows.storage.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wldp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: vaultcli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wintypes.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntmarta.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1026934 second address: 102693E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F6F2CD44EB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DA083 second address: 11DA0A8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6F2CCA62F3h 0x00000008 jmp 00007F6F2CCA62EDh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push edx 0x00000012 jg 00007F6F2CCA62E6h 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DA818 second address: 11DA841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CD44EC0h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d ja 00007F6F2CD44EB6h 0x00000013 jp 00007F6F2CD44EB6h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DA841 second address: 11DA845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DBDE7 second address: 11DBE0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CD44EBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F6F2CD44EBCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DBE0B second address: 11DBE10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DBE10 second address: 11DBE84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CD44EC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+124799C3h], eax 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007F6F2CD44EB8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c mov dword ptr [ebp+122D1D0Ah], esi 0x00000032 jmp 00007F6F2CD44EC0h 0x00000037 push 00000000h 0x00000039 xor di, 5203h 0x0000003e xchg eax, ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 jc 00007F6F2CD44EB6h 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DBE84 second address: 11DBE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DBE89 second address: 11DBE9E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6F2CD44EBCh 0x00000008 jne 00007F6F2CD44EB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DBE9E second address: 11DBEB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F6F2CCA62E6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6F2CCA62ECh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DC968 second address: 11DC975 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DC68D second address: 11DC691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DC691 second address: 11DC6B8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6F2CD44EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F6F2CD44EC1h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pushad 0x00000019 popad 0x0000001a pop esi 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DDEC5 second address: 11DDF70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CCA62F6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jns 00007F6F2CCA6302h 0x00000010 nop 0x00000011 pushad 0x00000012 jp 00007F6F2CCA62ECh 0x00000018 mov ecx, dword ptr [ebp+122D2BDEh] 0x0000001e ja 00007F6F2CCA62EBh 0x00000024 popad 0x00000025 push 00000000h 0x00000027 pushad 0x00000028 push ebx 0x00000029 cmc 0x0000002a pop esi 0x0000002b mov di, ax 0x0000002e popad 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F6F2CCA62E8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 0000001Ah 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b xor dword ptr [ebp+124513D6h], esi 0x00000051 pushad 0x00000052 add dword ptr [ebp+124799C3h], ecx 0x00000058 jc 00007F6F2CCA62F2h 0x0000005e jmp 00007F6F2CCA62ECh 0x00000063 popad 0x00000064 push eax 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DDF70 second address: 11DDF74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E378D second address: 11E3792 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E3792 second address: 11E37FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007F6F2CD44EB6h 0x00000012 popad 0x00000013 pop ebx 0x00000014 nop 0x00000015 adc ebx, 67A50C85h 0x0000001b push 00000000h 0x0000001d xor dword ptr [ebp+122D2D2Dh], eax 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007F6F2CD44EB8h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f sub dword ptr [ebp+122D2C33h], ecx 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F6F2CD44EC6h 0x0000004d rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E2989 second address: 11E298F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E298F second address: 11E2993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E3955 second address: 11E3A09 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007F6F2CCA62E6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f or dword ptr [ebp+122D1A42h], ebx 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F6F2CCA62E8h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d sub edi, 71818261h 0x00000043 mov eax, dword ptr [ebp+122D1579h] 0x00000049 push 00000000h 0x0000004b push eax 0x0000004c call 00007F6F2CCA62E8h 0x00000051 pop eax 0x00000052 mov dword ptr [esp+04h], eax 0x00000056 add dword ptr [esp+04h], 0000001Dh 0x0000005e inc eax 0x0000005f push eax 0x00000060 ret 0x00000061 pop eax 0x00000062 ret 0x00000063 jmp 00007F6F2CCA62F9h 0x00000068 push FFFFFFFFh 0x0000006a mov bl, ah 0x0000006c nop 0x0000006d pushad 0x0000006e jmp 00007F6F2CCA62F9h 0x00000073 push eax 0x00000074 push edx 0x00000075 jp 00007F6F2CCA62E6h 0x0000007b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E586D second address: 11E588D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6F2CD44EC2h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E3A09 second address: 11E3A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E588D second address: 11E5894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E3A0D second address: 11E3A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c jnl 00007F6F2CCA62E6h 0x00000012 popad 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E5B14 second address: 11E5B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E5B1B second address: 11E5B21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E5B21 second address: 11E5B25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E5B25 second address: 11E5B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6F2CCA62F7h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E6B15 second address: 11E6B2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CD44EC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E6B2A second address: 11E6B30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E8B9D second address: 11E8BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11EA6E3 second address: 11EA6FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F2CCA62F4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11EA6FB second address: 11EA6FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E99B5 second address: 11E99C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CCA62EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11EA6FF second address: 11EA71A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F6F2CD44EBCh 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11E99C4 second address: 11E9A51 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6F2CCA62E8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F6F2CCA62E8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D2124h], edi 0x0000002f sub dword ptr [ebp+12479538h], edx 0x00000035 push dword ptr fs:[00000000h] 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F6F2CCA62E8h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 00000015h 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 mov ebx, esi 0x00000058 mov dword ptr fs:[00000000h], esp 0x0000005f sub dword ptr [ebp+122D301Bh], ebx 0x00000065 mov eax, dword ptr [ebp+122D06C5h] 0x0000006b push FFFFFFFFh 0x0000006d push esi 0x0000006e mov edi, dword ptr [ebp+122D212Bh] 0x00000074 pop edi 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 jc 00007F6F2CCA62E8h 0x0000007e push eax 0x0000007f pop eax 0x00000080 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11EB997 second address: 11EB9A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a je 00007F6F2CD44EB6h 0x00000010 pop eax 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11EC9E5 second address: 11ECA44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D2C04h] 0x00000010 push dword ptr fs:[00000000h] 0x00000017 mov di, ax 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 add bl, FFFFFFA8h 0x00000024 mov eax, dword ptr [ebp+122D16EDh] 0x0000002a or dword ptr [ebp+12456010h], ebx 0x00000030 mov edi, 02CA6D1Ch 0x00000035 push FFFFFFFFh 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a call 00007F6F2CCA62E8h 0x0000003f pop ebx 0x00000040 mov dword ptr [esp+04h], ebx 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc ebx 0x0000004d push ebx 0x0000004e ret 0x0000004f pop ebx 0x00000050 ret 0x00000051 mov dword ptr [ebp+122D1DFDh], edx 0x00000057 nop 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11ED97A second address: 11ED985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F6F2CD44EB6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11ECA44 second address: 11ECA48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11ED985 second address: 11ED9A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CD44EC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11F192E second address: 11F1934 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11F1934 second address: 11F1992 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F6F2CD44EB8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 mov ebx, dword ptr [ebp+122D28DEh] 0x0000002b push 00000000h 0x0000002d mov ebx, dword ptr [ebp+122D288Ah] 0x00000033 push 00000000h 0x00000035 sub dword ptr [ebp+122D2E39h], edx 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F6F2CD44EC5h 0x00000044 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11F1992 second address: 11F1996 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11F601A second address: 11F601E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1192E93 second address: 1192EA7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F6F2CCA62EEh 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11F820B second address: 11F8215 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6F2CD44EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11F8215 second address: 11F821F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6F2CCA62ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11FBDB7 second address: 11FBDBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1200F4B second address: 1200F51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1200F51 second address: 1200F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1200F56 second address: 1200F5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1200F5D second address: 1200FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jno 00007F6F2CD44EB8h 0x00000012 push ecx 0x00000013 jmp 00007F6F2CD44EC8h 0x00000018 pop ecx 0x00000019 popad 0x0000001a mov eax, dword ptr [eax] 0x0000001c jmp 00007F6F2CD44EBFh 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 pushad 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1200FA5 second address: 1200FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1201063 second address: 120106D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6F2CD44EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 120106D second address: 1201074 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1201135 second address: 120113B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 120113B second address: 1201140 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1201140 second address: 1201173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F6F2CD44EBBh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F6F2CD44EC5h 0x00000016 mov eax, dword ptr [eax] 0x00000018 push ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11A0657 second address: 11A0674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F6F2CCA62EFh 0x0000000b jnp 00007F6F2CCA62E6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11A0674 second address: 11A0686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F6F2CD44EB6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11A0686 second address: 11A0695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CCA62EBh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11A0695 second address: 11A06A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F6F2CD44EB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11A06A1 second address: 11A06A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12059A6 second address: 12059B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F6F2CD44EB6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop esi 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1205B40 second address: 1205B61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CCA62F5h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1205B61 second address: 1205B67 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1205B67 second address: 1205B6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1205B6C second address: 1205BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CD44EC5h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d ja 00007F6F2CD44EB6h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F6F2CD44EC3h 0x0000001f jmp 00007F6F2CD44EC3h 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1205D38 second address: 1205D5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CCA62F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1205D5C second address: 1205D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 125892B second address: 1258969 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6F2CCA62E6h 0x00000008 jmp 00007F6F2CCA62F9h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnc 00007F6F2CCA62FBh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1261311 second address: 126131B instructions: 0x00000000 rdtsc 0x00000002 je 00007F6F2CD44EBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12611D2 second address: 12611D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1263760 second address: 126376C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jp 00007F6F2CD44EB6h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 126376C second address: 126378C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CCA62F2h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 126378C second address: 1263790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1263790 second address: 12637AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CCA62F8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12637AC second address: 12637C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CD44EBFh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 126A2EF second address: 126A309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CCA62F4h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 126A309 second address: 126A331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push esi 0x0000000a jmp 00007F6F2CD44EC9h 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1277E86 second address: 1277E9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CCA62F0h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1279841 second address: 127984B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F6F2CD44EB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 128189C second address: 12818B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6F2CCA62EBh 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12818B1 second address: 12818B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12818B5 second address: 12818BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12818BE second address: 12818EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CD44EBFh 0x00000009 jmp 00007F6F2CD44EC8h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12818EF second address: 128190B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CCA62F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 127D4B7 second address: 127D4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 127D4BB second address: 127D4C5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6F2CCA62E6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 127D4C5 second address: 127D4CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 127D4CB second address: 127D4F1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6F2CCA6301h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 127D4F1 second address: 127D512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F6F2CD44EC9h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 118F90D second address: 118F928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6F2CCA62EEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 118F928 second address: 118F93A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CEFCAAEh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 118F93A second address: 118F940 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 118F940 second address: 118F961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F6F2CEFCAA6h 0x0000000a jmp 00007F6F2CEFCAB7h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 118F961 second address: 118F972 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jno 00007F6F2CEFF536h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1291364 second address: 129137F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CEFCAB7h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 129137F second address: 12913A4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6F2CEFF536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6F2CEFF549h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12913A4 second address: 12913BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6F2CEFCAB1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12913BB second address: 12913C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12913C3 second address: 12913DA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6F2CEFCAA6h 0x00000008 jmp 00007F6F2CEFCAAAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 1291089 second address: 129108F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 129108F second address: 1291093 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA24C second address: 12BA268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F2CEFF542h 0x00000009 jng 00007F6F2CEFF536h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA65D second address: 12BA664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA664 second address: 12BA66C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA66C second address: 12BA670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA974 second address: 12BA97A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA97A second address: 12BA97E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA97E second address: 12BA992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F6F2CEFF536h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jng 00007F6F2CEFF536h 0x00000013 pop ecx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA992 second address: 12BA9A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F6F2CEFCAACh 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA9A7 second address: 12BA9C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F6F2CEFF53Ah 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 jmp 00007F6F2CEFF53Ch 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BA9C6 second address: 12BA9DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F6F2CEFCAA6h 0x0000000a jmp 00007F6F2CEFCAABh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BE1EB second address: 12BE251 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F6F2CEFF545h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F6F2CEFF542h 0x00000014 jmp 00007F6F2CEFF542h 0x00000019 popad 0x0000001a nop 0x0000001b sbb edx, 582FE5F3h 0x00000021 push dword ptr [ebp+122D1BDEh] 0x00000027 mov dword ptr [ebp+122D35BFh], edx 0x0000002d push 25E72B32h 0x00000032 pushad 0x00000033 pushad 0x00000034 jbe 00007F6F2CEFF536h 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12BF464 second address: 12BF47E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6F2CEFCAACh 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12C11CD second address: 12C11D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12C11D3 second address: 12C11EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6F2CEFCAB3h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12C0D25 second address: 12C0D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12C0D2B second address: 12C0D31 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12C0D31 second address: 12C0D49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6F2CEFF542h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12C2DF1 second address: 12C2DF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 12C2DF5 second address: 12C2DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C405D5 second address: 4C405DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C405DA second address: 4C40616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F6F2CEFF53Dh 0x0000000a xor ax, A2C6h 0x0000000f jmp 00007F6F2CEFF541h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F6F2CEFF53Dh 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C40616 second address: 4C4061C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C4061C second address: 4C40620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C40620 second address: 4C40624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C40624 second address: 4C40644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6F2CEFF545h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C40644 second address: 4C4064A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C4064A second address: 4C4064E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C4064E second address: 4C40688 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFCAB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d movzx ecx, dx 0x00000010 movsx edi, ax 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F6F2CEFCAB2h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C40688 second address: 4C4068C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C4068C second address: 4C40692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C40692 second address: 4C40698 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10060 second address: 4C10066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10066 second address: 4C100A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFF543h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov eax, 6B4AF84Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007F6F2CEFF53Eh 0x0000001a add ah, 00000058h 0x0000001d jmp 00007F6F2CEFF53Bh 0x00000022 popfd 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C100A6 second address: 4C100D1 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 1A414A0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c jmp 00007F6F2CEFCAB2h 0x00000011 pop ebp 0x00000012 pushad 0x00000013 mov ax, 15CDh 0x00000017 push eax 0x00000018 push edx 0x00000019 mov esi, 2C8CFBEFh 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C8036C second address: 4C80373 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C80373 second address: 4C80379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C80379 second address: 4C803E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFF53Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F6F2CEFF53Bh 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F6F2CEFF546h 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jmp 00007F6F2CEFF53Dh 0x00000021 pushfd 0x00000022 jmp 00007F6F2CEFF540h 0x00000027 and cl, FFFFFFF8h 0x0000002a jmp 00007F6F2CEFF53Bh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00BD7 second address: 4C00C25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6F2CEFCAAFh 0x00000008 pop ecx 0x00000009 mov bx, 784Ch 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007F6F2CEFCAB2h 0x00000016 xchg eax, ebp 0x00000017 jmp 00007F6F2CEFCAB0h 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F6F2CEFCAAAh 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00C25 second address: 4C00C29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00C29 second address: 4C00C2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00C2F second address: 4C00CAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6F2CEFF53Ch 0x00000008 pop ecx 0x00000009 mov edx, 42740536h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push dword ptr [ebp+04h] 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F6F2CEFF543h 0x0000001b xor ax, 4DBEh 0x00000020 jmp 00007F6F2CEFF549h 0x00000025 popfd 0x00000026 jmp 00007F6F2CEFF540h 0x0000002b popad 0x0000002c push dword ptr [ebp+0Ch] 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F6F2CEFF547h 0x00000036 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00CAB second address: 4C00CFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6F2CEFCAAFh 0x00000008 pop ecx 0x00000009 pushfd 0x0000000a jmp 00007F6F2CEFCAB9h 0x0000000f adc ecx, 57966AB6h 0x00000015 jmp 00007F6F2CEFCAB1h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push dword ptr [ebp+08h] 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00CFC second address: 4C00D0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFF53Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00D41 second address: 4C00D5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFCAB1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ebx, esi 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00D5D second address: 4C00D6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F2CEFF53Eh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C00D6F second address: 4C00D73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50CE2 second address: 4C50CE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50CE8 second address: 4C50CEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50CEC second address: 4C50CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50CFB second address: 4C50CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50CFF second address: 4C50D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50D03 second address: 4C50D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50D09 second address: 4C50D0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50D0F second address: 4C50D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50D13 second address: 4C50D2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c mov di, ax 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50D2E second address: 4C50D35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, edi 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50D35 second address: 4C50D3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CA0357 second address: 4CA0381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx esi, dx 0x00000007 popad 0x00000008 movsx ebx, ax 0x0000000b popad 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6F2CEFCAB8h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C70891 second address: 4C70897 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C6017B second address: 4C60185 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 54CF3624h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1C24 second address: 4CC1C59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6F2CEFCAACh 0x00000009 sub al, FFFFFFD8h 0x0000000c jmp 00007F6F2CEFCAABh 0x00000011 popfd 0x00000012 mov bl, ah 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F6F2CEFCAAEh 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1C59 second address: 4CC1C6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F2CEFF53Eh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1C6B second address: 4CC1C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1C6F second address: 4CC1CC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F6F2CEFF547h 0x0000000f push 0000007Fh 0x00000011 pushad 0x00000012 push esi 0x00000013 mov edx, 505DFD86h 0x00000018 pop edx 0x00000019 popad 0x0000001a push 00000001h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007F6F2CEFF542h 0x00000025 sbb cx, 8028h 0x0000002a jmp 00007F6F2CEFF53Bh 0x0000002f popfd 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1CC4 second address: 4CC1D48 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6F2CEFCAB8h 0x00000008 sbb esi, 0DC13288h 0x0000000e jmp 00007F6F2CEFCAABh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F6F2CEFCAB8h 0x0000001c sbb eax, 56E894E8h 0x00000022 jmp 00007F6F2CEFCAABh 0x00000027 popfd 0x00000028 popad 0x00000029 push dword ptr [ebp+08h] 0x0000002c pushad 0x0000002d mov esi, 243BDFFBh 0x00000032 push eax 0x00000033 push edx 0x00000034 pushfd 0x00000035 jmp 00007F6F2CEFCAAEh 0x0000003a xor ah, 00000048h 0x0000003d jmp 00007F6F2CEFCAABh 0x00000042 popfd 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1D5A second address: 4CC1D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1D5E second address: 4CC1D64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1D64 second address: 4CC1D7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F2CEFF545h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1D7D second address: 4CC1DA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFCAB1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6F2CEFCAADh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4CC1DA4 second address: 4CC1C24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6F2CEFF53Ah 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c retn 0004h 0x0000000f lea eax, dword ptr [ebp-10h] 0x00000012 push eax 0x00000013 call ebx 0x00000015 mov edi, edi 0x00000017 jmp 00007F6F2CEFF548h 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e mov dx, cx 0x00000021 jmp 00007F6F2CEFF53Ah 0x00000026 popad 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b movzx ecx, di 0x0000002e call 00007F6F2CEFF549h 0x00000033 pop esi 0x00000034 popad 0x00000035 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C102D4 second address: 4C102EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6F2CEFCAB3h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C102EC second address: 4C10343 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6F2CEFF53Fh 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007F6F2CEFF549h 0x0000000f or ecx, 7924CD96h 0x00000015 jmp 00007F6F2CEFF541h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F6F2CEFF53Ch 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10343 second address: 4C10355 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6F2CEFCAAEh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10355 second address: 4C10359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10359 second address: 4C10368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10368 second address: 4C1036E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C1036E second address: 4C103BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 push edi 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007F6F2CEFCAB0h 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F6F2CEFCAABh 0x0000001c or esi, 1C98F18Eh 0x00000022 jmp 00007F6F2CEFCAB9h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C103BC second address: 4C103FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 pushfd 0x00000007 jmp 00007F6F2CEFF543h 0x0000000c add ch, FFFFFF9Eh 0x0000000f jmp 00007F6F2CEFF549h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C103FD second address: 4C10401 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10401 second address: 4C10407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C10407 second address: 4C1045B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFCAB2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F6F2CEFCAABh 0x0000000f xchg eax, ecx 0x00000010 pushad 0x00000011 jmp 00007F6F2CEFCAB4h 0x00000016 mov ah, 90h 0x00000018 popad 0x00000019 and dword ptr [ebp-04h], 00000000h 0x0000001d jmp 00007F6F2CEFCAADh 0x00000022 lea eax, dword ptr [ebp-04h] 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C1045B second address: 4C1045F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C1045F second address: 4C1049C instructions: 0x00000000 rdtsc 0x00000002 mov edi, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6F2CEFCAB4h 0x0000000b popad 0x0000000c nop 0x0000000d jmp 00007F6F2CEFCAB0h 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F6F2CEFCAAEh 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0BDD second address: 4BF0C12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFF541h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F6F2CEFF53Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6F2CEFF53Eh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0C12 second address: 4BF0C63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFCAABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edx, 5B866966h 0x00000012 pushfd 0x00000013 jmp 00007F6F2CEFCAB7h 0x00000018 or eax, 0767F3EEh 0x0000001e jmp 00007F6F2CEFCAB9h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0C63 second address: 4BF0C80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFF541h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0C80 second address: 4BF0C86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0C86 second address: 4BF0C8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0C8C second address: 4BF0C90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0C90 second address: 4BF0CAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6F2CEFF53Fh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0CAA second address: 4BF0CB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4BF0CB0 second address: 4BF0CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DA31D second address: 11DA321 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 11DA321 second address: 11DA327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50E24 second address: 4C50E47 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 352C064Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b jmp 00007F6F2CEFCAB2h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50E47 second address: 4C50E50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, 3409h 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\RY5YJaMEWE.exe |
RDTSC instruction interceptor: First address: 4C50E50 second address: 4C50E95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6F2CEFCAAFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F6F2CEFCAB6h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6F2CEFCAB7h 0x00000018 rdtsc |