Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://147.45.47.102:57893/hera/amadka.ex |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.000000000138A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe |
Source: RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exeh |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.000000000138A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/go.exe |
Source: RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/go.exe$ |
Source: RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/go.exe1 |
Source: RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/go.exemadka.exbot |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.000000000138A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084A0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/lenin.exe |
Source: RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/lenin.exe225- |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.000000000138A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084A0000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exe |
Source: RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exe.1 |
Source: RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exe? |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exeea.exe |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://193.233.132.56/cost/sok.exew |
Source: vEaFCBsRb7.exe, 00000000.00000002.3231385899.0000000000041000.00000040.00000001.01000000.00000003.sdmp, vEaFCBsRb7.exe, 00000000.00000003.1983935215.0000000005320000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3231393001.0000000000431000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.2036916147.0000000004D50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3231395822.0000000000431000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000003.2038042758.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3124049233.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000009.00000003.2177106825.0000000005580000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2268284285.00000000057E0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3116069122.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp |
String found in binary or memory: http://www.winimage.com/zLibDll |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3119070125.00000000019E9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2677242875.00000000019B9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.3027891603.00000000019E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/ |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/2 |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.000000000160A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/cint |
Source: RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/d |
Source: MPGPH131.exe, 00000006.00000002.3235354494.00000000011C0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3126250989.0000000001981000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2677242875.00000000019B9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225 |
Source: RageMP131.exe, 00000009.00000003.2938807474.00000000019BC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940724442.00000000019BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127041587.00000000019C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.2251& |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.2257 |
Source: RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2677242875.00000000019B9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.2259 |
Source: MPGPH131.exe, 00000006.00000002.3235354494.00000000011C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225F |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225Q |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225c |
Source: MPGPH131.exe, 00000006.00000003.2763089667.0000000001200000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011FC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/demo/home.php?s=191.96.150.225r |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com/n |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.000000000193C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.150.225 |
Source: RageMP131.exe, 00000009.00000002.3126250989.0000000001981000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.150.225F |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.000000000160A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011A7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://db-ip.com:443/demo/home.php?s=191.96.150.225P |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: RageMP131.exe, RageMP131.exe, 0000000A.00000002.3117805791.000000000195D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3119070125.00000000019E9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2677242875.00000000019B9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.3027891603.00000000019E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.0000000001998000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/ |
Source: MPGPH131.exe, 00000006.00000002.3235354494.000000000115D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/L6 |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.000000000160A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.0000000001410000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3126250989.0000000001969000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.00000000015E5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/X |
Source: vEaFCBsRb7.exe, 00000000.00000002.3231385899.0000000000041000.00000040.00000001.01000000.00000003.sdmp, vEaFCBsRb7.exe, 00000000.00000003.1983935215.0000000005320000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3231393001.0000000000431000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000006.00000003.2036916147.0000000004D50000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3231395822.0000000000431000.00000040.00000001.01000000.00000005.sdmp, MPGPH131.exe, 00000007.00000003.2038042758.00000000051E0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3124049233.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp, RageMP131.exe, 00000009.00000003.2177106825.0000000005580000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2268284285.00000000057E0000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3116069122.0000000000ED1000.00000040.00000001.01000000.00000006.sdmp |
String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: RageMP131.exe, 0000000A.00000002.3117805791.000000000195D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/s |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.00000000015EE000.00000004.00000020.00020000.00000000.sdmp, vEaFCBsRb7.exe, 00000000.00000002.3235371502.000000000160A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011A7000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.000000000111D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.0000000001410000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3126250989.000000000191A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.000000000194E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019A1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.225 |
Source: MPGPH131.exe, 00000007.00000002.3235201337.00000000013BE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.225K8G |
Source: RageMP131.exe, 00000009.00000002.3126250989.0000000001969000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/widget/demo/191.96.150.225X |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.000000000160A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011A7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.150.225 |
Source: MPGPH131.exe, 00000007.00000002.3235201337.0000000001410000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.150.225A |
Source: RageMP131.exe, 0000000A.00000002.3117805791.000000000193C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.150.225G |
Source: RageMP131.exe, 00000009.00000002.3126250989.0000000001969000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io:443/widget/demo/191.96.150.225P |
Source: D87fZN3R3jFeplaces.sqlite.9.dr |
String found in binary or memory: https://support.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.9.dr |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: D87fZN3R3jFeplaces.sqlite.9.dr |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: RageMP131.exe, 00000009.00000002.3126250989.0000000001981000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.%G |
Source: MPGPH131.exe, 00000006.00000002.3235354494.00000000011C0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.R5 |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.000000000157E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.000000000111D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3235201337.000000000138A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941479862.0000000008123000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940272026.0000000008123000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2942013456.0000000008123000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3126250989.00000000018DE000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3126250989.0000000001957000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940922087.0000000008123000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3130008466.0000000008123000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.000000000191B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084B1000.00000004.00000020.00020000.00000000.sdmp, YZiM0LfOCL0wAoFFqwq287m.zip.10.dr, MGAxghooOX7va8QMyrnsU_W.zip.9.dr |
String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: RageMP131.exe, 00000009.00000002.3126250989.00000000018DE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORT- |
Source: RageMP131.exe, 0000000A.00000002.3123655863.00000000084EF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTAq |
Source: vEaFCBsRb7.exe, 00000000.00000002.3235371502.000000000157E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/RiseProSUPPORTO |
Source: RageMP131.exe, 0000000A.00000003.2677242875.00000000019B9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.000000000197F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2934224778.0000000008891000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2934413687.0000000008851000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084B1000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.9.dr, passwords.txt.10.dr |
String found in binary or memory: https://t.me/risepro_bot |
Source: MPGPH131.exe, 00000006.00000003.2763203895.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011FC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botftm |
Source: MPGPH131.exe, 00000006.00000003.2763203895.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011FC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botisepro_bot |
Source: RageMP131.exe, 00000009.00000003.2941921958.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940827840.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941428467.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2938906121.00000000019B5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3127006702.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940227625.00000000019B7000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2973150979.00000000019B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3117805791.00000000019AC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2677242875.00000000019B9000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botlater |
Source: MPGPH131.exe, 00000006.00000003.2763203895.00000000011F8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3235354494.00000000011FC000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/risepro_botlaterBt |
Source: MPGPH131.exe, 00000007.00000002.3235201337.000000000142B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.z |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: RageMP131.exe, 00000009.00000003.2755790436.000000000817D000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2752679715.00000000084B6000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2755577893.00000000088D5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2916837123.0000000008848000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2753096632.0000000008509000.00000004.00000020.00020000.00000000.sdmp, W44NXfpgbImZWeb Data.9.dr, TRDKrWwetNazWeb Data.10.dr, B1xZ4zWQ2d_TWeb Data.10.dr, 7uolldSk5KT8Web Data.9.dr, vIW_0PZSD0myWeb Data.10.dr, NhFbDsJoIRBGWeb Data.9.dr |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: RageMP131.exe |
String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address |
Source: D87fZN3R3jFeplaces.sqlite.9.dr |
String found in binary or memory: https://www.mozilla.org |
Source: D87fZN3R3jFeplaces.sqlite.9.dr |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: D87fZN3R3jFeplaces.sqlite.9.dr |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084A0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: RageMP131.exe, 00000009.00000003.2828113447.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2830416264.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2831360425.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2832188937.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940922087.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2748493112.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941479862.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3130008466.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2829713477.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2830079340.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940272026.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2828415359.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2829208095.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2942013456.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2921042003.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2750221108.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2930691596.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2926661635.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2927097367.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2915101922.00000000084EF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ph |
Source: D87fZN3R3jFeplaces.sqlite.9.dr |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: RageMP131.exe, 00000009.00000003.2828113447.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2830416264.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2831360425.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2832188937.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940922087.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2748493112.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941479862.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3130008466.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2829713477.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2830079340.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940272026.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2828415359.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2829208095.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2942013456.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2921042003.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2750221108.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2930691596.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2926661635.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2927097367.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2915101922.00000000084EF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084A0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/_1 |
Source: RageMP131.exe, 00000009.00000002.3129981998.0000000008100000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/ata |
Source: RageMP131.exe, 0000000A.00000002.3123655863.00000000084A0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/atataV |
Source: RageMP131.exe, 00000009.00000003.2828113447.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2830416264.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2831360425.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2832188937.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940922087.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2748493112.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2941479862.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000002.3130008466.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2829713477.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2830079340.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2940272026.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2828415359.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2829208095.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000009.00000003.2942013456.0000000008163000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2921042003.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2750221108.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3123655863.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2930691596.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2926661635.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2927097367.00000000084EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000003.2915101922.00000000084EF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: RageMP131.exe, 0000000A.00000002.3123655863.00000000084A0000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/r |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: webio.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe |
Section loaded: xmllite.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: apphelp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winmm.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winmm.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d11.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxgi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: d3d10warp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dxcore.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: devobj.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: webio.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: devobj.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: webio.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: vaultcli.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 358885 second address: 3588A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007FB48CB50B72h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3588A0 second address: 3588CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CC6F1F5h 0x00000007 jmp 00007FB48CC6F1EDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3588CB second address: 3588FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB48CB50B66h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d jne 00007FB48CB50B80h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3588FF second address: 358903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 358903 second address: 358917 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FB48CB50B6Eh 0x0000000c pushad 0x0000000d popad 0x0000000e je 00007FB48CB50B66h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 358917 second address: 35891D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 35891D second address: 35892D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CB50B6Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3578D4 second address: 3578E2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB48CC6F1E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39A5C2 second address: 39A5CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FB48D1AA686h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39A5CD second address: 39A66D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FB48CD439A8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov edi, ebx 0x00000024 push dword ptr fs:[00000000h] 0x0000002b sub ebx, dword ptr [ebp+122D317Eh] 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push ebx 0x0000003b call 00007FB48CD439A8h 0x00000040 pop ebx 0x00000041 mov dword ptr [esp+04h], ebx 0x00000045 add dword ptr [esp+04h], 0000001Dh 0x0000004d inc ebx 0x0000004e push ebx 0x0000004f ret 0x00000050 pop ebx 0x00000051 ret 0x00000052 mov dword ptr [ebp+122D2C6Ch], ecx 0x00000058 mov eax, dword ptr [ebp+122D07D1h] 0x0000005e jmp 00007FB48CD439B1h 0x00000063 push FFFFFFFFh 0x00000065 push esi 0x00000066 jmp 00007FB48CD439B0h 0x0000006b pop ebx 0x0000006c jc 00007FB48CD439A7h 0x00000072 cmc 0x00000073 nop 0x00000074 push eax 0x00000075 push edx 0x00000076 push edi 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39A66D second address: 39A672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39A672 second address: 39A686 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jng 00007FB48CD439A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39A686 second address: 39A68B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39A68B second address: 39A695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FB48CD439A6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39E639 second address: 39E63D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39D863 second address: 39D867 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A0643 second address: 3A0648 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A1623 second address: 3A1629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A1629 second address: 3A162D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A2634 second address: 3A2646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FB48CD439ABh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39E917 second address: 39E91B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A36E2 second address: 3A3704 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jne 00007FB48CD439A6h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jp 00007FB48CD439A6h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39E91B second address: 39E925 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB48D1AA686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 39E925 second address: 39E93D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48CD439B4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A2896 second address: 3A289A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A289A second address: 3A28C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jp 00007FB48CD439A6h 0x00000014 jmp 00007FB48CD439AFh 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A3911 second address: 3A392D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48D1AA698h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A39F6 second address: 3A3A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB48CD439B4h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A3A14 second address: 3A3A18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A5718 second address: 3A571E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3A49EB second address: 3A49F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3AD6EB second address: 3AD6EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3ACFF3 second address: 3AD00D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB48D1AA693h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3AD00D second address: 3AD01B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB48CD439A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3AFC0F second address: 3AFC15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3AFC15 second address: 3AFC1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3AFC1B second address: 3AFC34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007FB48D1AA68Eh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 34F3A3 second address: 34F3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jl 00007FB48CD439AEh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 34F3B6 second address: 34F3FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FB48D1AA68Ch 0x00000011 pushad 0x00000012 jng 00007FB48D1AA686h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007FB48D1AA698h 0x0000001f jo 00007FB48D1AA686h 0x00000025 popad 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 34F3FC second address: 34F429 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FB48CD439B5h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FB48CD439A6h 0x00000011 jmp 00007FB48CD439ACh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 34F429 second address: 34F433 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB48D1AA686h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B1D94 second address: 3B1DD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FB48CD439A6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007FB48CD439B6h 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 pushad 0x00000017 jmp 00007FB48CD439B6h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B1DD6 second address: 3B1DDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B1DDA second address: 3B1DFC instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB48CD439A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 jmp 00007FB48CD439AFh 0x00000017 pop edi 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B1DFC second address: 3B1E22 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB48D1AA690h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d jmp 00007FB48D1AA68Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B1E22 second address: 3B1E3A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB48CD439A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jc 00007FB48CD439A6h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B1E3A second address: 3B1E3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B1ED3 second address: 3B1F42 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FB48CD439B7h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007FB48CD439B4h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jnl 00007FB48CD439B6h 0x0000001e jmp 00007FB48CD439B0h 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push ebx 0x0000002a jmp 00007FB48CD439B8h 0x0000002f pop ebx 0x00000030 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B210F second address: 3B2113 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 34F3B2 second address: 34F3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B96B7 second address: 3B96E3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB48D1AA686h 0x00000008 jmp 00007FB48D1AA698h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B96E3 second address: 3B96E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B96E9 second address: 3B96ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B9AB7 second address: 3B9AC3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B9AC3 second address: 3B9AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B9AC7 second address: 3B9AD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439AAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B9D61 second address: 3B9D67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3B9D67 second address: 3B9D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C0783 second address: 3C0787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C0787 second address: 3C07B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007FB48CD439A6h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a pop eax 0x0000001b jmp 00007FB48CD439B3h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BF19D second address: 3BF1C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FB48D1AA686h 0x0000000f jmp 00007FB48D1AA68Bh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BF1C1 second address: 3BF1C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BF92E second address: 3BF932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BF932 second address: 3BF94D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB48CD439AFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BFD9A second address: 3BFDA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BFDA0 second address: 3BFDA6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BFEF7 second address: 3BFEFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 36EFC1 second address: 36EFD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB48CD439A6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 346F3B second address: 346F6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB48D1AA695h 0x00000008 jns 00007FB48D1AA686h 0x0000000e jne 00007FB48D1AA686h 0x00000014 popad 0x00000015 pushad 0x00000016 js 00007FB48D1AA686h 0x0000001c push eax 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3BEE9E second address: 3BEEA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C5A56 second address: 3C5A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C5A5A second address: 3C5A8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439B4h 0x00000007 jp 00007FB48CD439A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 jg 00007FB48CD439AEh 0x00000017 jp 00007FB48CD439A6h 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 387B7C second address: 387B92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48D1AA692h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 387B92 second address: 387B96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 387D3E second address: 387D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 387D42 second address: 387D48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 387E72 second address: 387E78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 387E78 second address: 387E94 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB48CD439A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB48CD439ACh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3883D0 second address: 3883D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3883D4 second address: 3883FD instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB48CD439A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB48CD439B3h 0x0000000f popad 0x00000010 push eax 0x00000011 jo 00007FB48CD439B0h 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 388525 second address: 388549 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA699h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3886F6 second address: 388700 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB48CD439ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 388700 second address: 38870C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 38870C second address: 388738 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jnl 00007FB48CD439A6h 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C4EB5 second address: 3C4EC1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB48D1AA68Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C4EC1 second address: 3C4EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FB48CD439EBh 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB48CD439B1h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C4EE0 second address: 3C4EFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FB48D1AA686h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C4EFF second address: 3C4F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C506A second address: 3C507C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C507C second address: 3C5096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB48CD439B5h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C5325 second address: 3C532D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C532D second address: 3C538B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FB48CD439B3h 0x0000000f jmp 00007FB48CD439AAh 0x00000014 jmp 00007FB48CD439AFh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FB48CD439B3h 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C538B second address: 3C5395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FB48D1AA686h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C54B3 second address: 3C54BD instructions: 0x00000000 rdtsc 0x00000002 je 00007FB48CD439A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C54BD second address: 3C54C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3C7175 second address: 3C717A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3CC789 second address: 3CC78D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 3CB630 second address: 3CB655 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB48CD439A6h 0x00000008 jmp 00007FB48CD439AEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB48CD439ABh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400BDB second address: 5400BE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400BE1 second address: 5400BE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54503C4 second address: 54503C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54503C9 second address: 5450465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FB48D1AA691h 0x0000000a xor esi, 7AC28B36h 0x00000010 jmp 00007FB48D1AA691h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b push eax 0x0000001c mov bx, 13BEh 0x00000020 pop edx 0x00000021 pushfd 0x00000022 jmp 00007FB48D1AA694h 0x00000027 or esi, 35E39188h 0x0000002d jmp 00007FB48D1AA68Bh 0x00000032 popfd 0x00000033 popad 0x00000034 push eax 0x00000035 pushad 0x00000036 mov si, dx 0x00000039 pushfd 0x0000003a jmp 00007FB48D1AA68Bh 0x0000003f xor ax, 35CEh 0x00000044 jmp 00007FB48D1AA699h 0x00000049 popfd 0x0000004a popad 0x0000004b xchg eax, ebp 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f movsx edi, si 0x00000052 mov edi, eax 0x00000054 popad 0x00000055 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5450465 second address: 545048F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FB48CD439B7h 0x00000008 pop esi 0x00000009 mov eax, edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov cl, 46h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 545048F second address: 5450498 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, AB31h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5430EBE second address: 5430ECD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5430ECD second address: 5430EFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA699h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB48D1AA68Dh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5430EFA second address: 5430F00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5430F00 second address: 5430F1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA693h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5430F1F second address: 5430F35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FB48CD439B0h 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 53C07E4 second address: 53C07F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48D1AA68Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 53C07F4 second address: 53C07F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 53C07F8 second address: 53C0823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FB48D1AA699h 0x00000011 mov eax, 0FC88FD7h 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 53C0823 second address: 53C083F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48CD439B8h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5420EA5 second address: 5420EBF instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB48D1AA68Fh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5420EBF second address: 5420ED7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48CD439B4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54305A5 second address: 54305AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54305AB second address: 54305AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54305AF second address: 54305D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FB48D1AA696h 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54305D5 second address: 54305D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54305D9 second address: 54305F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA699h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400A50 second address: 5400AA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FB48CD439B1h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FB48CD439B6h 0x00000019 or ax, E548h 0x0000001e jmp 00007FB48CD439ABh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400AA4 second address: 5400B06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB48D1AA68Fh 0x00000009 add ah, FFFFFF8Eh 0x0000000c jmp 00007FB48D1AA699h 0x00000011 popfd 0x00000012 movzx eax, bx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b call 00007FB48D1AA699h 0x00000020 movzx eax, dx 0x00000023 pop edx 0x00000024 call 00007FB48D1AA68Ah 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400B06 second address: 5400B13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pop ebp 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400B13 second address: 5400B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400B17 second address: 5400B1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400B1B second address: 5400B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440156 second address: 5440165 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440165 second address: 544018E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FB48D1AA68Fh 0x00000009 jmp 00007FB48D1AA693h 0x0000000e popfd 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 544018E second address: 54401F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 jmp 00007FB48CD439B4h 0x0000000d push eax 0x0000000e jmp 00007FB48CD439ABh 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov ecx, edi 0x00000019 pushfd 0x0000001a jmp 00007FB48CD439B7h 0x0000001f sbb esi, 602ADB8Eh 0x00000025 jmp 00007FB48CD439B9h 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54401F5 second address: 5440208 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov si, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440208 second address: 544020C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 544020C second address: 5440212 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440212 second address: 5440241 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB48CD439B5h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 53E0921 second address: 53E0935 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 69h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov dx, si 0x0000000e mov esi, 34F348C1h 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 53E0935 second address: 53E099B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB48CD439ADh 0x00000008 push esi 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FB48CD439B8h 0x00000016 jmp 00007FB48CD439B5h 0x0000001b popfd 0x0000001c mov dx, si 0x0000001f popad 0x00000020 pop ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 call 00007FB48CD439B6h 0x00000029 pop esi 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440D5F second address: 5440D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440D63 second address: 5440D83 instructions: 0x00000000 rdtsc 0x00000002 mov ch, F6h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 mov dl, 0Dh 0x00000009 mov bx, ax 0x0000000c popad 0x0000000d popad 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB48CD439AFh 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440D83 second address: 5440D89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440D89 second address: 5440D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440D8D second address: 5440E18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e mov ebx, 10936748h 0x00000013 mov bx, AFF4h 0x00000017 popad 0x00000018 push edi 0x00000019 call 00007FB48D1AA698h 0x0000001e pop esi 0x0000001f pop edi 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 jmp 00007FB48D1AA68Eh 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a mov cx, A66Dh 0x0000002e mov eax, 08D43C69h 0x00000033 popad 0x00000034 xchg eax, ecx 0x00000035 pushad 0x00000036 call 00007FB48D1AA691h 0x0000003b mov si, B277h 0x0000003f pop eax 0x00000040 popad 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FB48D1AA699h 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440E18 second address: 5440E1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440E1E second address: 5440E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440E22 second address: 5440E3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB48CD439B2h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440E3F second address: 5440EBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [76FA65FCh] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FB48D1AA690h 0x00000015 sub ah, 00000058h 0x00000018 jmp 00007FB48D1AA68Bh 0x0000001d popfd 0x0000001e popad 0x0000001f test eax, eax 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007FB48D1AA694h 0x00000028 adc si, 20B8h 0x0000002d jmp 00007FB48D1AA68Bh 0x00000032 popfd 0x00000033 mov edi, esi 0x00000035 popad 0x00000036 je 00007FB4FEC8D14Bh 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FB48D1AA691h 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440EBA second address: 5440EC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440EC0 second address: 5440EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440EC4 second address: 5440EF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a jmp 00007FB48CD439AFh 0x0000000f xor eax, dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov si, 65B7h 0x00000019 call 00007FB48CD439ACh 0x0000001e pop ecx 0x0000001f popad 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5440EF5 second address: 5440EFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540002C second address: 5400032 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400032 second address: 5400036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400036 second address: 540003A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540003A second address: 5400052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB48D1AA68Dh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400052 second address: 5400058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400058 second address: 540005C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540005C second address: 54000C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FB48CD439AFh 0x0000000e mov ebp, esp 0x00000010 jmp 00007FB48CD439B6h 0x00000015 and esp, FFFFFFF8h 0x00000018 pushad 0x00000019 push esi 0x0000001a pushfd 0x0000001b jmp 00007FB48CD439ADh 0x00000020 xor eax, 5B593B96h 0x00000026 jmp 00007FB48CD439B1h 0x0000002b popfd 0x0000002c pop ecx 0x0000002d mov edx, 7C95F534h 0x00000032 popad 0x00000033 push edx 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54000C2 second address: 540012E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, 2FEFh 0x0000000d popad 0x0000000e mov dword ptr [esp], ecx 0x00000011 jmp 00007FB48D1AA692h 0x00000016 xchg eax, ebx 0x00000017 jmp 00007FB48D1AA690h 0x0000001c push eax 0x0000001d jmp 00007FB48D1AA68Bh 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 movzx esi, dx 0x00000027 mov ebx, 0164C424h 0x0000002c popad 0x0000002d mov ebx, dword ptr [ebp+10h] 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FB48D1AA696h 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540012E second address: 540016F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007FB48CD439B6h 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FB48CD439B7h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540016F second address: 5400173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400173 second address: 540021B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB48CD439B6h 0x0000000b popad 0x0000000c xchg eax, esi 0x0000000d pushad 0x0000000e push eax 0x0000000f call 00007FB48CD439ADh 0x00000014 pop eax 0x00000015 pop edi 0x00000016 mov dh, ah 0x00000018 popad 0x00000019 mov esi, dword ptr [ebp+08h] 0x0000001c jmp 00007FB48CD439B9h 0x00000021 xchg eax, edi 0x00000022 pushad 0x00000023 push ecx 0x00000024 call 00007FB48CD439B3h 0x00000029 pop ecx 0x0000002a pop ebx 0x0000002b call 00007FB48CD439B6h 0x00000030 pushfd 0x00000031 jmp 00007FB48CD439B2h 0x00000036 and ax, C118h 0x0000003b jmp 00007FB48CD439ABh 0x00000040 popfd 0x00000041 pop esi 0x00000042 popad 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540021B second address: 540021F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540021F second address: 5400223 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400223 second address: 540025C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx esi, dx 0x00000009 popad 0x0000000a xchg eax, edi 0x0000000b pushad 0x0000000c movsx ebx, ax 0x0000000f mov ah, 83h 0x00000011 popad 0x00000012 test esi, esi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 call 00007FB48D1AA694h 0x0000001c pop ecx 0x0000001d call 00007FB48D1AA68Bh 0x00000022 pop eax 0x00000023 popad 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540025C second address: 5400275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48CD439B5h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400275 second address: 54002E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA691h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007FB4FECC8A0Fh 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FB48D1AA68Ch 0x00000018 or ax, 8A98h 0x0000001d jmp 00007FB48D1AA68Bh 0x00000022 popfd 0x00000023 movzx eax, di 0x00000026 popad 0x00000027 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000002e jmp 00007FB48D1AA68Bh 0x00000033 je 00007FB4FECC89EAh 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007FB48D1AA692h 0x00000041 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54002E2 second address: 5400334 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48CD439B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FB48CD439B2h 0x0000000f jmp 00007FB48CD439B5h 0x00000014 popfd 0x00000015 popad 0x00000016 mov edx, dword ptr [esi+44h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FB48CD439ADh 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400334 second address: 5400344 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB48D1AA68Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5400344 second address: 540035B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 or edx, dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB48CD439AAh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 540035B second address: 54003A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f jmp 00007FB48D1AA696h 0x00000014 jne 00007FB4FECC8988h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB48D1AA697h 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54003A5 second address: 54003E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 mov al, bh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test byte ptr [esi+48h], 00000001h 0x0000000f jmp 00007FB48CD439AAh 0x00000014 jne 00007FB4FE861C89h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push edi 0x0000001e pop ecx 0x0000001f call 00007FB48CD439B9h 0x00000024 pop eax 0x00000025 popad 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5420178 second address: 5420194 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA698h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 5420194 second address: 542019A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 542019A second address: 54201DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB48D1AA68Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d call 00007FB48D1AA68Ch 0x00000012 mov cx, 8CD1h 0x00000016 pop esi 0x00000017 pushad 0x00000018 mov dx, E610h 0x0000001c mov edx, 77CB533Ch 0x00000021 popad 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FB48D1AA68Eh 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54201DE second address: 54201F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 push ebx 0x00000007 pop esi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and esp, FFFFFFF8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54201F2 second address: 54201F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |
RDTSC instruction interceptor: First address: 54201F6 second address: 54201FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\vEaFCBsRb7.exe |