Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:27060 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688182205.00000000011A5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2691243318.0000000006179000.00000002.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409055917.0000000005B3C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688182205.00000000011A5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.globalsign.com/rootr30; |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688182205.00000000011A5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/privacy_agreement/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://store.steampowered.com/subscriber_agreement/ |
Source: Amcache.hve.5.dr |
String found in binary or memory: http://upx.sf.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.valvesoftware.com/legal.htm |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.c.lencr.org/0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204940421.0000000005B39000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://x1.i.lencr.org/0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://aui-cdn.atlassian.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-pg=q |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001188000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B01000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B00000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001143000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1- |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688197419.00000000011AD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688197419.00000000011AD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/TU |
Source: TmmiCE5Ulm.exe, TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001113000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334259914.0000000001199000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334313230.0000000001113000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2687761991.0000000000DDA000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0 |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001149000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe_1 |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exef |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2687870915.0000000001128000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org:443/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://broadcast.st.dl.eccdnx.com |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.cookielaw.org/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://checkout.steampowered.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap& |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.000000000110D000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.000000000110D000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.000000000110D000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe& |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S& |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://dz8aopenkvv6s.cloudfront.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://help.steampowered.com/en/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2270145793.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2231698697.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2689933527.0000000005A80000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001161000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/2 |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2689933527.0000000005A80000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/=9 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334313230.0000000001128000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001161000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2270285574.0000000001128000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334452536.000000000112B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204720643.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2334313230.0000000001149000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204795356.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204356484.0000000005B00000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/api |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/b |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2334229101.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2228599565.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.0000000001193000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/d |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001113000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2252932999.00000000011AB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/pi |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001161000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/pi: |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2252932999.00000000011AB000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/plF |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2204525623.0000000001193000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2205019616.000000000118B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com/tF |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2270285574.0000000001143000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lev-tolstoi.com:443/api |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.steampowered.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://lv.queniujq.cn |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://medal.tv |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://player.vimeo.com |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://recaptcha.net/recaptcha/; |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688164936.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B06000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://s.ytimg.com; |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://sketchfab.com |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steam.tv/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast-test.akamaized.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcast.akamaized.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steambroadcastchat.akamaized.net |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/discussions/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/market/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/my/wishlist/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.000000000110D000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://steamcommunity.com/workshop/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001184000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001184000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowere |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/; |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2155269616.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132726091.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/about/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/explore/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001192000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/legal/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/mobile |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/news/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/points/shop/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/privacy_agreement/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/stats/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/steam_refunds/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://store.steampowered.com/subscriber_agreement/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: TmmiCE5Ulm.exe, 00000000.00000002.2688215527.00000000011B9000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B09000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409438639.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206551720.0000000005B03000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2408821041.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409381050.00000000011A4000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409146236.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2409198579.000000000119C000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2690091376.0000000005B16000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000002.2688182205.00000000011A5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2156635804.0000000005AC1000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156755347.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2156870694.0000000005ABE000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/recaptcha/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.cn/recaptcha/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.gstatic.com/recaptcha/ |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2206287989.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2132585943.00000000011A6000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109217722.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com |
Source: TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001154000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2204525623.000000000118B000.00000004.00000020.00020000.00000000.sdmp, TmmiCE5Ulm.exe, 00000000.00000003.2109270676.0000000001184000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.youtube.com/ |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 747FE3 second address: 747FF5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F05F0F59496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F05F0F59496h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 747FF5 second address: 748002 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B0A40 second address: 8B0A46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B0A46 second address: 8B0A4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B0A4C second address: 8B0A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8BF1A5 second address: 8BF1B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 js 00007F05F0F4975Eh 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8BF4BA second address: 8BF4BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8BF5FE second address: 8BF602 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8BF602 second address: 8BF610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F05F0F594A2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8BF610 second address: 8BF616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8BFA05 second address: 8BFA2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F05F0F594A6h 0x0000000c jmp 00007F05F0F5949Ch 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8C2066 second address: 8C206B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8C2172 second address: 8C21CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jno 00007F05F0F594ADh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F05F0F59498h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 add edi, dword ptr [ebp+122D2DF5h] 0x0000002f mov ecx, eax 0x00000031 jne 00007F05F0F59497h 0x00000037 cld 0x00000038 push 9AD9630Eh 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 pop eax 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8C21CD second address: 8C21E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49763h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8C21E8 second address: 8C223A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 65269D72h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F05F0F59498h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 push 00000003h 0x0000002a mov dword ptr [ebp+122D26A8h], ebx 0x00000030 push 00000000h 0x00000032 mov si, C0BAh 0x00000036 push 00000003h 0x00000038 mov dword ptr [ebp+122D279Fh], esi 0x0000003e push 515D0900h 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8C223A second address: 8C223E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8C22F3 second address: 8C2364 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F05F0F59498h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 push esi 0x00000028 call 00007F05F0F594A8h 0x0000002d mov di, bx 0x00000030 pop edi 0x00000031 pop esi 0x00000032 push 00000000h 0x00000034 sub esi, 0EA2B86Ch 0x0000003a mov dword ptr [ebp+122D27C9h], edx 0x00000040 push 2ACB4DFEh 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F05F0F5949Eh 0x0000004c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8C2364 second address: 8C243C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F05F0F4975Ch 0x00000008 jc 00007F05F0F49756h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xor dword ptr [esp], 2ACB4D7Eh 0x00000018 sub dword ptr [ebp+122D27F4h], ebx 0x0000001e push 00000003h 0x00000020 push edx 0x00000021 mov dword ptr [ebp+122D35EBh], edx 0x00000027 pop ecx 0x00000028 push 00000000h 0x0000002a jne 00007F05F0F4975Ch 0x00000030 push 00000003h 0x00000032 push 00000000h 0x00000034 push edx 0x00000035 call 00007F05F0F49758h 0x0000003a pop edx 0x0000003b mov dword ptr [esp+04h], edx 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc edx 0x00000048 push edx 0x00000049 ret 0x0000004a pop edx 0x0000004b ret 0x0000004c push 94BE2F36h 0x00000051 pushad 0x00000052 push esi 0x00000053 jmp 00007F05F0F49763h 0x00000058 pop esi 0x00000059 jmp 00007F05F0F49767h 0x0000005e popad 0x0000005f xor dword ptr [esp], 54BE2F36h 0x00000066 jl 00007F05F0F49756h 0x0000006c lea ebx, dword ptr [ebp+1244DF35h] 0x00000072 call 00007F05F0F49768h 0x00000077 or dword ptr [ebp+122D278Fh], edi 0x0000007d pop ecx 0x0000007e push eax 0x0000007f push eax 0x00000080 push edx 0x00000081 push edi 0x00000082 jmp 00007F05F0F4975Bh 0x00000087 pop edi 0x00000088 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E2767 second address: 8E276D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E28FC second address: 8E2900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E2900 second address: 8E2904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E2BDE second address: 8E2BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E35EC second address: 8E35F2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E3742 second address: 8E3746 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E3746 second address: 8E3750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E3750 second address: 8E3781 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F05F0F49760h 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8D692F second address: 8D6969 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007F05F0F594A5h 0x0000000c jmp 00007F05F0F5949Fh 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push edi 0x00000018 jg 00007F05F0F59496h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8D6969 second address: 8D697E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F05F0F49756h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8D697E second address: 8D69AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A7h 0x00000007 jmp 00007F05F0F594A0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8D69AC second address: 8D69B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B5AB6 second address: 8B5AC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F05F0F59496h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B5AC0 second address: 8B5AE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jnc 00007F05F0F49756h 0x00000010 pop ebx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push esi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B5AE8 second address: 8B5AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F05F0F59496h 0x0000000a pop esi 0x0000000b push edi 0x0000000c jnp 00007F05F0F59496h 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B5AFF second address: 8B5B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B5B03 second address: 8B5B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E3FC0 second address: 8E3FE1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F05F0F49756h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f jmp 00007F05F0F4975Eh 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E3FE1 second address: 8E3FEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E4162 second address: 8E4199 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F05F0F4975Ch 0x00000008 pop ebx 0x00000009 jmp 00007F05F0F49764h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F05F0F4975Bh 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E4199 second address: 8E41B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A7h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E41B6 second address: 8E41BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E41BC second address: 8E41C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E4737 second address: 8E473B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E473B second address: 8E4741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E4741 second address: 8E4749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E4749 second address: 8E474D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8E474D second address: 8E4751 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EB6F6 second address: 8EB6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EF6A3 second address: 8EF6BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jg 00007F05F0F49756h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jp 00007F05F0F49756h 0x00000011 jno 00007F05F0F49756h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EEEAF second address: 8EEEB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EF1E9 second address: 8EF1F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jo 00007F05F0F49756h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EF346 second address: 8EF34A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EF4E4 second address: 8EF4FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Dh 0x00000009 js 00007F05F0F49756h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EF4FB second address: 8EF537 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c js 00007F05F0F5949Ah 0x00000012 push edi 0x00000013 pop edi 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 jbe 00007F05F0F59496h 0x0000001f jmp 00007F05F0F594A2h 0x00000024 popad 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8EF537 second address: 8EF53D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F21AA second address: 8F220F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 je 00007F05F0F59496h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 1C44F466h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F05F0F59498h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d jmp 00007F05F0F594A0h 0x00000032 cld 0x00000033 push BD85BC10h 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F05F0F594A5h 0x0000003f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F27BD second address: 8F27C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F2E87 second address: 8F2E8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F2E8D second address: 8F2E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F2E91 second address: 8F2EA3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F2EA3 second address: 8F2EA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F3200 second address: 8F320F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F320F second address: 8F3229 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F4B69 second address: 8F4B6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F69C4 second address: 8F69C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F69C9 second address: 8F69CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F7521 second address: 8F7525 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F7525 second address: 8F752B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FDECF second address: 8FDED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FDED3 second address: 8FDF5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jns 00007F05F0F59498h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F05F0F59498h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d mov dword ptr [ebp+1247195Ch], ecx 0x00000033 push 00000000h 0x00000035 mov edi, esi 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push edx 0x0000003c call 00007F05F0F59498h 0x00000041 pop edx 0x00000042 mov dword ptr [esp+04h], edx 0x00000046 add dword ptr [esp+04h], 00000015h 0x0000004e inc edx 0x0000004f push edx 0x00000050 ret 0x00000051 pop edx 0x00000052 ret 0x00000053 mov di, si 0x00000056 jmp 00007F05F0F594A1h 0x0000005b mov dword ptr [ebp+122D1F07h], ebx 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jno 00007F05F0F5949Ch 0x0000006a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FDF5E second address: 8FDF71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Fh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FEDD7 second address: 8FEE25 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F05F0F594A0h 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 sub bl, FFFFFF81h 0x00000016 push 00000000h 0x00000018 pushad 0x00000019 mov esi, dword ptr [ebp+122D26FAh] 0x0000001f xor ebx, dword ptr [ebp+122D2FD1h] 0x00000025 popad 0x00000026 mov di, dx 0x00000029 push 00000000h 0x0000002b mov ebx, dword ptr [ebp+122D3977h] 0x00000031 mov di, dx 0x00000034 xchg eax, esi 0x00000035 push eax 0x00000036 push edx 0x00000037 ja 00007F05F0F5949Ch 0x0000003d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FEE25 second address: 8FEE2F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F05F0F4975Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FFEAE second address: 8FFEB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 900F84 second address: 900F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 900F88 second address: 900F92 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F05F0F59496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 900F92 second address: 900FB0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F05F0F49762h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 900FB0 second address: 900FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 902F0F second address: 902F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 902F15 second address: 902F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FD1E4 second address: 8FD1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8FFFCA second address: 8FFFD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9010D5 second address: 901138 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ebx, dword ptr [ebp+12460D09h] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F05F0F49758h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 mov edi, 61011093h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 cmc 0x00000041 mov eax, dword ptr [ebp+122D04F5h] 0x00000047 push FFFFFFFFh 0x00000049 pushad 0x0000004a sub dword ptr [ebp+124719C9h], ebx 0x00000050 popad 0x00000051 nop 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 js 00007F05F0F49756h 0x0000005b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90314D second address: 903153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 905537 second address: 905555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F05F0F49765h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 903153 second address: 903175 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9057F8 second address: 905802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F05F0F49756h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 903175 second address: 903179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 905802 second address: 905806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 903179 second address: 90317F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9075D2 second address: 9075DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F05F0F49756h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9083A9 second address: 9083AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9083AD second address: 9083B7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F05F0F49756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9085A4 second address: 9085B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F5949Dh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90952C second address: 909535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 909535 second address: 909539 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90B511 second address: 90B515 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 909539 second address: 90954F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F05F0F5949Ch 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90C3C6 second address: 90C43B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F05F0F49767h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov dword ptr [ebp+12451BA9h], esi 0x00000016 push 00000000h 0x00000018 or bx, F3EAh 0x0000001d mov ebx, dword ptr [ebp+122D2DF9h] 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push eax 0x00000028 call 00007F05F0F49758h 0x0000002d pop eax 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 add dword ptr [esp+04h], 00000017h 0x0000003a inc eax 0x0000003b push eax 0x0000003c ret 0x0000003d pop eax 0x0000003e ret 0x0000003f mov ebx, dword ptr [ebp+122D3798h] 0x00000045 xchg eax, esi 0x00000046 jnc 00007F05F0F4975Ch 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 jc 00007F05F0F49756h 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90B515 second address: 90B519 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90954F second address: 909555 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90C43B second address: 90C440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90B519 second address: 90B5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D2682h], edx 0x00000010 push dword ptr fs:[00000000h] 0x00000017 add edi, 152BCD00h 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F05F0F49758h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 00000015h 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov edi, dword ptr [ebp+122D2F55h] 0x00000044 mov dword ptr [ebp+122D2757h], ecx 0x0000004a mov eax, dword ptr [ebp+122D0911h] 0x00000050 push 00000000h 0x00000052 push esi 0x00000053 call 00007F05F0F49758h 0x00000058 pop esi 0x00000059 mov dword ptr [esp+04h], esi 0x0000005d add dword ptr [esp+04h], 00000018h 0x00000065 inc esi 0x00000066 push esi 0x00000067 ret 0x00000068 pop esi 0x00000069 ret 0x0000006a mov edi, ecx 0x0000006c push FFFFFFFFh 0x0000006e js 00007F05F0F49759h 0x00000074 mov di, si 0x00000077 nop 0x00000078 push eax 0x00000079 push edx 0x0000007a pushad 0x0000007b pushad 0x0000007c popad 0x0000007d push ecx 0x0000007e pop ecx 0x0000007f popad 0x00000080 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 909555 second address: 909559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90B5A2 second address: 90B5BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 ja 00007F05F0F49756h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e js 00007F05F0F49758h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 909559 second address: 90955D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 90B5BC second address: 90B5C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 914611 second address: 914617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 914617 second address: 914630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F4975Bh 0x00000009 popad 0x0000000a pushad 0x0000000b jg 00007F05F0F49756h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 914630 second address: 914636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 918190 second address: 918194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 917844 second address: 917848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9179BB second address: 9179C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F05F0F49756h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9179C5 second address: 9179E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A8h 0x00000007 jng 00007F05F0F59496h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9179E7 second address: 9179EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 917B5A second address: 917B64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 917B64 second address: 917B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F49762h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 917B7A second address: 917B84 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F05F0F59496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 917B84 second address: 917BAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F05F0F49765h 0x0000000a ja 00007F05F0F49756h 0x00000010 jne 00007F05F0F49756h 0x00000016 popad 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 91BABA second address: 91BAC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F5949Bh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92449A second address: 9244C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F05F0F4975Fh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9244C0 second address: 9244C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9244C4 second address: 9244DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007F05F0F49760h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9244DE second address: 9244EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jnp 00007F05F0F59496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9244EA second address: 9244F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9244F2 second address: 9244FD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92494C second address: 924950 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 924950 second address: 924971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 924971 second address: 924982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F4975Dh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 924BF2 second address: 924BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 929ED0 second address: 929ED8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 929ED8 second address: 929EDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 929EDC second address: 929EE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A177 second address: 92A17D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A2D0 second address: 92A2D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A2D6 second address: 92A306 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A5h 0x00000007 jmp 00007F05F0F594A7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A62A second address: 92A63B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A63B second address: 92A641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A641 second address: 92A646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A646 second address: 92A661 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F05F0F594A4h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A7C7 second address: 92A7CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A7CB second address: 92A7D1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A93E second address: 92A94B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F05F0F49756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92A94B second address: 92A985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F05F0F5949Ah 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F05F0F59498h 0x00000013 pushad 0x00000014 popad 0x00000015 jnc 00007F05F0F594B0h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 92ADB4 second address: 92ADBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 930E0B second address: 930E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 930E12 second address: 930E1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F05F0F49756h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 93007F second address: 930085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 930085 second address: 93009D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F05F0F49760h 0x0000000c pop edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 93009D second address: 9300AA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 ja 00007F05F0F59496h 0x00000009 pop edi 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9300AA second address: 9300C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F05F0F49756h 0x00000012 jmp 00007F05F0F4975Ch 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9300C8 second address: 9300CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9300CC second address: 9300DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F05F0F4975Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 930681 second address: 930699 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 930AF6 second address: 930AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 934542 second address: 93457E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F05F0F59496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007F05F0F594A9h 0x00000012 jp 00007F05F0F59496h 0x00000018 jbe 00007F05F0F59496h 0x0000001e popad 0x0000001f jc 00007F05F0F594BDh 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F09F3 second address: 8D692F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 nop 0x00000007 mov ecx, dword ptr [ebp+122D2DA1h] 0x0000000d lea eax, dword ptr [ebp+1247C75Ch] 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F05F0F49758h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d xor ecx, 3AA68239h 0x00000033 push eax 0x00000034 jno 00007F05F0F4975Eh 0x0000003a mov dword ptr [esp], eax 0x0000003d mov dword ptr [ebp+122D2A64h], edi 0x00000043 call dword ptr [ebp+1244F550h] 0x00000049 push eax 0x0000004a push edx 0x0000004b push edx 0x0000004c pushad 0x0000004d popad 0x0000004e pop edx 0x0000004f jmp 00007F05F0F49764h 0x00000054 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F0EE2 second address: 8F0EE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F0EE7 second address: 8F0EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F0FB1 second address: 8F0FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F5949Fh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F0FC5 second address: 8F0FCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1AD7 second address: 8F1ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1ADB second address: 8F1AFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1AFC second address: 8F1B00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1B00 second address: 8F1B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1C84 second address: 8F1C88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1D3B second address: 8F1DDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F4975Ch 0x00000009 popad 0x0000000a jmp 00007F05F0F49760h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F05F0F49758h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D35B3h], edx 0x00000033 lea eax, dword ptr [ebp+1247C7A0h] 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007F05F0F49758h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 pushad 0x00000054 call 00007F05F0F49763h 0x00000059 pop eax 0x0000005a sub dword ptr [ebp+122D2A28h], eax 0x00000060 popad 0x00000061 nop 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 pushad 0x00000066 popad 0x00000067 jmp 00007F05F0F4975Bh 0x0000006c popad 0x0000006d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1DDE second address: 8F1DED instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1DED second address: 8F1E3F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jne 00007F05F0F49756h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov dword ptr [ebp+12451DD4h], ebx 0x00000013 lea eax, dword ptr [ebp+1247C75Ch] 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007F05F0F49758h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 add edi, dword ptr [ebp+122D2FC1h] 0x00000039 push eax 0x0000003a jl 00007F05F0F49768h 0x00000040 push eax 0x00000041 push edx 0x00000042 jo 00007F05F0F49756h 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9348AE second address: 9348BA instructions: 0x00000000 rdtsc 0x00000002 jo 00007F05F0F59496h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9348BA second address: 9348D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F49765h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 934A59 second address: 934A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 934A5D second address: 934A63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 934A63 second address: 934A67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 934F44 second address: 934F68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Eh 0x00000007 jmp 00007F05F0F49762h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 934F68 second address: 934F6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 934F6D second address: 934F89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F49766h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 93FE4B second address: 93FE51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 93FE51 second address: 93FE56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 93FE56 second address: 93FE7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F05F0F594A5h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 93FFF3 second address: 940002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F05F0F49756h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 942B36 second address: 942B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8B3F68 second address: 8B3F80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F05F0F49756h 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007F05F0F49756h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 946D15 second address: 946D33 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F05F0F59496h 0x00000008 jmp 00007F05F0F594A4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94708F second address: 947095 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 947333 second address: 94733C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9474FC second address: 947500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94D838 second address: 94D83C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94D83C second address: 94D85E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007F05F0F49764h 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94D85E second address: 94D862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94D862 second address: 94D889 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Fh 0x00000007 jmp 00007F05F0F4975Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push edi 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94C10A second address: 94C10F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94C3EE second address: 94C415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jmp 00007F05F0F49767h 0x0000000a pop edx 0x0000000b pop ebx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F05F0F49756h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94C415 second address: 94C419 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94C419 second address: 94C437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F05F0F49763h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 94C6B8 second address: 94C6BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F164A second address: 8F164E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F164E second address: 8F1652 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1652 second address: 8F1658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F1658 second address: 8F1672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F594A6h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 950A54 second address: 950A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 950A5A second address: 950A5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 950392 second address: 9503C8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F05F0F49756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F05F0F49767h 0x00000011 jmp 00007F05F0F49763h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9503C8 second address: 9503CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9580D8 second address: 9580DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9580DE second address: 9580EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 958F5A second address: 958F6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Eh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95D2C4 second address: 95D2D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F594A0h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95D588 second address: 95D597 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95D597 second address: 95D5C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F05F0F594A9h 0x0000000b popad 0x0000000c jc 00007F05F0F594A6h 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 pop ecx 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95D87B second address: 95D891 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F05F0F4975Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95D891 second address: 95D895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95D895 second address: 95D899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DC4B second address: 95DC51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DC51 second address: 95DC72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F05F0F49756h 0x00000010 jmp 00007F05F0F49761h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DC72 second address: 95DC90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A8h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DC90 second address: 95DC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DC96 second address: 95DCA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F05F0F59496h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DCA0 second address: 95DCAA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F05F0F49756h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DCAA second address: 95DCD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F05F0F594A8h 0x0000000c jmp 00007F05F0F5949Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 95DE53 second address: 95DE58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 969D24 second address: 969D29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 96A546 second address: 96A554 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F4975Ah 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 96AA9E second address: 96AABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A7h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 96AABA second address: 96AABF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 96AABF second address: 96AAFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A9h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F05F0F594A3h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jl 00007F05F0F59496h 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 972226 second address: 97222A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 97237D second address: 972396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F05F0F594A0h 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 972396 second address: 9723AB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F05F0F49760h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9723AB second address: 9723C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F05F0F5949Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9723C1 second address: 9723C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9723C5 second address: 9723E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9723E2 second address: 9723E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9723E8 second address: 9723EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9723EE second address: 9723F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 97FB7D second address: 97FB87 instructions: 0x00000000 rdtsc 0x00000002 je 00007F05F0F5949Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 97FB87 second address: 97FB93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 97FD34 second address: 97FD3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 97FD3A second address: 97FD50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F05F0F49756h 0x00000010 jbe 00007F05F0F49756h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 97FD50 second address: 97FD5A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F05F0F59496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 97FD5A second address: 97FD60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9846E1 second address: 9846E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 991B8B second address: 991BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Fh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F05F0F49761h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999E05 second address: 999E0F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F05F0F59496h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999E0F second address: 999E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999E1A second address: 999E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A0h 0x00000009 popad 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F05F0F59498h 0x00000013 push ebx 0x00000014 jmp 00007F05F0F594A0h 0x00000019 pop ebx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999E4C second address: 999E67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49763h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999F96 second address: 999FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F5949Eh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999FAC second address: 999FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F05F0F49765h 0x0000000a jmp 00007F05F0F4975Bh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999FD9 second address: 999FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F05F0F5949Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999FF0 second address: 999FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 999FF4 second address: 999FFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 99A2E2 second address: 99A30D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 jnl 00007F05F0F4975Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F05F0F49764h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 99F7F4 second address: 99F7FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 99F7FE second address: 99F802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 99F802 second address: 99F806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9A83A3 second address: 9A83A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9A83A9 second address: 9A83D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop esi 0x0000000d popad 0x0000000e jc 00007F05F0F594BAh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9BF32D second address: 9BF33C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F05F0F49756h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9BF33C second address: 9BF35B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9BF03E second address: 9BF048 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F05F0F4975Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9BF048 second address: 9BF062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F05F0F594A4h 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9D55DC second address: 9D55E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9D5722 second address: 9D573A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F594A3h 0x00000009 pop ebx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9D5E1D second address: 9D5E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9D5E21 second address: 9D5E25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9D5E25 second address: 9D5E46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F05F0F49769h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9D5E46 second address: 9D5E6C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F05F0F594B1h 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA68B second address: 9DA6AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA6AE second address: 9DA6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA6B2 second address: 9DA6FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49766h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F05F0F4975Ch 0x0000000f popad 0x00000010 nop 0x00000011 jnp 00007F05F0F4975Ch 0x00000017 push 00000004h 0x00000019 mov dh, 8Ch 0x0000001b push 60AD4BB4h 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jbe 00007F05F0F49756h 0x00000029 pushad 0x0000002a popad 0x0000002b popad 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA6FB second address: 9DA700 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA949 second address: 9DA9A8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F05F0F49758h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dx, si 0x0000000e mov dx, si 0x00000011 push dword ptr [ebp+122D37A8h] 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007F05F0F49758h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 clc 0x00000032 call 00007F05F0F49759h 0x00000037 pushad 0x00000038 ja 00007F05F0F49763h 0x0000003e push eax 0x0000003f push edx 0x00000040 jnl 00007F05F0F49756h 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA9A8 second address: 9DA9AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA9AC second address: 9DA9BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jp 00007F05F0F4975Eh 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DA9BD second address: 9DA9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 ja 00007F05F0F594AFh 0x0000000f mov eax, dword ptr [eax] 0x00000011 jc 00007F05F0F594A0h 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DDA76 second address: 9DDA80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F05F0F49756h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DDA80 second address: 9DDA86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DDA86 second address: 9DDA8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DDA8C second address: 9DDA96 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F05F0F5949Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DDA96 second address: 9DDAA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DDAA5 second address: 9DDAA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DDAA9 second address: 9DDAAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DD629 second address: 9DD62D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DD62D second address: 9DD631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DD631 second address: 9DD64A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F05F0F5949Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DF65F second address: 9DF67B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F05F0F49764h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DF67B second address: 9DF685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F05F0F59496h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 9DF685 second address: 9DF696 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F05F0F49756h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F4DAC second address: 8F4DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F4DB2 second address: 8F4DB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F4DB7 second address: 8F4DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F4DBD second address: 8F4DC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F4DC1 second address: 8F4DC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 8F4DC5 second address: 8F4DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F05F0F49768h 0x00000011 jmp 00007F05F0F4975Fh 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51003C8 second address: 51003FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F05F0F594A8h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51003FC second address: 5100402 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120654 second address: 512068F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F05F0F594A6h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F05F0F5949Eh 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 512068F second address: 5120695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120695 second address: 51206D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F05F0F5949Eh 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F05F0F594A7h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51206D2 second address: 51206D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51206D8 second address: 5120745 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a jmp 00007F05F0F5949Ah 0x0000000f pushfd 0x00000010 jmp 00007F05F0F594A2h 0x00000015 add esi, 2D4F9068h 0x0000001b jmp 00007F05F0F5949Bh 0x00000020 popfd 0x00000021 popad 0x00000022 mov dword ptr [esp], ecx 0x00000025 jmp 00007F05F0F594A6h 0x0000002a xchg eax, esi 0x0000002b pushad 0x0000002c jmp 00007F05F0F5949Eh 0x00000031 mov dl, cl 0x00000033 popad 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120745 second address: 5120749 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120749 second address: 512074F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 512074F second address: 51207A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, 71h 0x00000005 movsx edi, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F05F0F4975Eh 0x00000014 jmp 00007F05F0F49765h 0x00000019 popfd 0x0000001a mov esi, 678163F7h 0x0000001f popad 0x00000020 popad 0x00000021 lea eax, dword ptr [ebp-04h] 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F05F0F49764h 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51207A2 second address: 51207C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov edi, esi 0x0000000d mov dx, ax 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ebx, esi 0x00000017 mov bx, cx 0x0000001a popad 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51207C3 second address: 51207F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49767h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F05F0F49760h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51207F3 second address: 51207F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51207F7 second address: 51207FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51207FD second address: 5120844 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push dword ptr [ebp+08h] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F05F0F594A7h 0x00000012 sub esi, 2F18D9FEh 0x00000018 jmp 00007F05F0F594A9h 0x0000001d popfd 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120844 second address: 512084B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120873 second address: 5120877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120877 second address: 512087D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 512087D second address: 51208C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp-04h], 00000000h 0x0000000d jmp 00007F05F0F594A0h 0x00000012 mov esi, eax 0x00000014 jmp 00007F05F0F594A0h 0x00000019 je 00007F05F0F594E7h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51208C6 second address: 51208CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51208CA second address: 51208CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51208F4 second address: 51208FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51208FA second address: 5120922 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F05F0F5949Ah 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120922 second address: 5120926 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120926 second address: 512092C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 512092C second address: 5120958 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F05F0F49767h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120958 second address: 512095E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 512095E second address: 5120962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120962 second address: 511000F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c mov ebx, ecx 0x0000000e popad 0x0000000f retn 0004h 0x00000012 nop 0x00000013 cmp eax, 00000000h 0x00000016 setne al 0x00000019 jmp 00007F05F0F59492h 0x0000001b xor ebx, ebx 0x0000001d test al, 01h 0x0000001f jne 00007F05F0F59497h 0x00000021 sub esp, 04h 0x00000024 mov dword ptr [esp], 0000000Dh 0x0000002b call 00007F05F5946A8Bh 0x00000030 mov edi, edi 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F05F0F5949Bh 0x00000039 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 511000F second address: 5110014 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110014 second address: 5110034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, bx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F05F0F594A3h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110034 second address: 5110084 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F05F0F4975Fh 0x00000009 xor al, 0000000Eh 0x0000000c jmp 00007F05F0F49769h 0x00000011 popfd 0x00000012 mov bl, cl 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esp], ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F05F0F49766h 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110084 second address: 5110097 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 movsx ebx, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110097 second address: 51100A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51100A8 second address: 51100B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F5949Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51100B8 second address: 5110151 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub esp, 2Ch 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F05F0F49764h 0x00000015 sbb ah, FFFFFFA8h 0x00000018 jmp 00007F05F0F4975Bh 0x0000001d popfd 0x0000001e mov eax, 5F53919Fh 0x00000023 popad 0x00000024 xchg eax, ebx 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F05F0F49760h 0x0000002c sbb al, 00000008h 0x0000002f jmp 00007F05F0F4975Bh 0x00000034 popfd 0x00000035 push ecx 0x00000036 jmp 00007F05F0F4975Fh 0x0000003b pop ecx 0x0000003c popad 0x0000003d push eax 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 pushfd 0x00000042 jmp 00007F05F0F49762h 0x00000047 sub ch, FFFFFF98h 0x0000004a jmp 00007F05F0F4975Bh 0x0000004f popfd 0x00000050 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110151 second address: 5110173 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, 6074066Bh 0x0000000b popad 0x0000000c xchg eax, ebx 0x0000000d jmp 00007F05F0F5949Eh 0x00000012 xchg eax, edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110173 second address: 5110179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110179 second address: 51101AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F05F0F594A2h 0x00000009 and cl, 00000058h 0x0000000c jmp 00007F05F0F5949Bh 0x00000011 popfd 0x00000012 push esi 0x00000013 pop edx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51101AA second address: 51101AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51101AE second address: 51101B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51101FD second address: 5110201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110201 second address: 5110207 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110207 second address: 511029C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edi, 2439C624h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov edi, 00000000h 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F05F0F49766h 0x00000019 sbb ah, FFFFFFD8h 0x0000001c jmp 00007F05F0F4975Bh 0x00000021 popfd 0x00000022 mov ebx, ecx 0x00000024 popad 0x00000025 inc ebx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F05F0F49760h 0x0000002d sub ch, 00000038h 0x00000030 jmp 00007F05F0F4975Bh 0x00000035 popfd 0x00000036 mov dx, si 0x00000039 popad 0x0000003a test al, al 0x0000003c jmp 00007F05F0F49762h 0x00000041 je 00007F05F0F4996Eh 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F05F0F49767h 0x0000004e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 511029C second address: 5110302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea ecx, dword ptr [ebp-14h] 0x0000000c pushad 0x0000000d movzx esi, bx 0x00000010 pushfd 0x00000011 jmp 00007F05F0F594A9h 0x00000016 add al, 00000046h 0x00000019 jmp 00007F05F0F594A1h 0x0000001e popfd 0x0000001f popad 0x00000020 mov dword ptr [ebp-14h], edi 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F05F0F5949Dh 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110302 second address: 5110308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 511035F second address: 5110363 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110363 second address: 5110369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110369 second address: 5110380 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F5949Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110380 second address: 5110384 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110384 second address: 511038A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51104A2 second address: 511055D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F05F0F49760h 0x0000000a sbb ax, 8A08h 0x0000000f jmp 00007F05F0F4975Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pushfd 0x00000017 jmp 00007F05F0F49768h 0x0000001c xor ah, 00000068h 0x0000001f jmp 00007F05F0F4975Bh 0x00000024 popfd 0x00000025 popad 0x00000026 lea eax, dword ptr [ebp-2Ch] 0x00000029 jmp 00007F05F0F49766h 0x0000002e xchg eax, esi 0x0000002f pushad 0x00000030 mov bh, ch 0x00000032 mov edx, 496EC05Eh 0x00000037 popad 0x00000038 push eax 0x00000039 jmp 00007F05F0F49764h 0x0000003e xchg eax, esi 0x0000003f pushad 0x00000040 mov dx, ax 0x00000043 jmp 00007F05F0F4975Ah 0x00000048 popad 0x00000049 nop 0x0000004a jmp 00007F05F0F49760h 0x0000004f push eax 0x00000050 pushad 0x00000051 mov edx, 4C7A0034h 0x00000056 mov si, bx 0x00000059 popad 0x0000005a nop 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 511055D second address: 5110561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110561 second address: 5110571 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110571 second address: 5110583 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F5949Eh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110632 second address: 5110637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110637 second address: 5110654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F05F0F594A9h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110654 second address: 5110658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110658 second address: 5100C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F06618E748Bh 0x0000000e xor eax, eax 0x00000010 jmp 00007F05F0F32BCAh 0x00000015 pop esi 0x00000016 pop edi 0x00000017 pop ebx 0x00000018 leave 0x00000019 retn 0004h 0x0000001c nop 0x0000001d xor ebx, ebx 0x0000001f cmp eax, 00000000h 0x00000022 je 00007F05F0F595F3h 0x00000028 call 00007F05F593758Fh 0x0000002d mov edi, edi 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov si, 9253h 0x00000036 mov bx, cx 0x00000039 popad 0x0000003a rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100C7F second address: 5100CBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F05F0F4975Eh 0x0000000f push eax 0x00000010 jmp 00007F05F0F4975Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100CBA second address: 5100CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100CBE second address: 5100CD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49767h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100CD9 second address: 5100D22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 pushfd 0x00000007 jmp 00007F05F0F5949Bh 0x0000000c jmp 00007F05F0F594A3h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 jmp 00007F05F0F594A4h 0x0000001d mov ebx, esi 0x0000001f popad 0x00000020 xchg eax, ecx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100D22 second address: 5100D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100D26 second address: 5100D32 instructions: 0x00000000 rdtsc 0x00000002 mov si, BC35h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100D32 second address: 5100D52 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F05F0F49765h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100D52 second address: 5100D58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100D58 second address: 5100D5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100D5C second address: 5100D60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100D60 second address: 5100DA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F05F0F49760h 0x00000011 pushfd 0x00000012 jmp 00007F05F0F49762h 0x00000017 jmp 00007F05F0F49765h 0x0000001c popfd 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5100DA6 second address: 5100DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110A69 second address: 5110A7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110A7E second address: 5110AAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov di, cx 0x0000000e mov di, ax 0x00000011 popad 0x00000012 mov ebp, esp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov bx, 6042h 0x0000001b mov edi, 0F7C3E8Eh 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110AAB second address: 5110AE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [75AF459Ch], 05h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F05F0F49767h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110AE3 second address: 5110AF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F05F0F5949Fh 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5110B3F second address: 5110B80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F4975Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 03BCB621h 0x0000000e jmp 00007F05F0F4975Fh 0x00000013 xor dword ptr [esp], 76122A09h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F05F0F49765h 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 51209CA second address: 5120A35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F05F0F594A1h 0x00000009 jmp 00007F05F0F5949Bh 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F05F0F594A8h 0x00000015 sbb cl, 00000018h 0x00000018 jmp 00007F05F0F5949Bh 0x0000001d popfd 0x0000001e popad 0x0000001f pop edx 0x00000020 pop eax 0x00000021 xchg eax, ebp 0x00000022 jmp 00007F05F0F594A6h 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120A35 second address: 5120A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120A39 second address: 5120A3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120A3F second address: 5120A5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120A5E second address: 5120A62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120A62 second address: 5120A7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49769h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120A7F second address: 5120AB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F594A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F05F0F594A9h 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120AB2 second address: 5120B2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 5Ah 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b pushad 0x0000000c mov dh, cl 0x0000000e pushfd 0x0000000f jmp 00007F05F0F49767h 0x00000014 or si, 8ABEh 0x00000019 jmp 00007F05F0F49769h 0x0000001e popfd 0x0000001f popad 0x00000020 mov esi, dword ptr [ebp+0Ch] 0x00000023 pushad 0x00000024 movsx edx, cx 0x00000027 popad 0x00000028 test esi, esi 0x0000002a pushad 0x0000002b mov edx, eax 0x0000002d mov cl, 65h 0x0000002f popad 0x00000030 je 00007F06618B7005h 0x00000036 jmp 00007F05F0F4975Fh 0x0000003b cmp dword ptr [75AF459Ch], 05h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 mov si, dx 0x00000048 pushad 0x00000049 popad 0x0000004a popad 0x0000004b rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120B2D second address: 5120B94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edi 0x00000005 mov di, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F06618DEDF5h 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F05F0F5949Ch 0x00000018 jmp 00007F05F0F594A5h 0x0000001d popfd 0x0000001e call 00007F05F0F594A0h 0x00000023 pop edi 0x00000024 popad 0x00000025 xchg eax, esi 0x00000026 jmp 00007F05F0F5949Ch 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f jmp 00007F05F0F5949Ch 0x00000034 push eax 0x00000035 pop edi 0x00000036 popad 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120C2E second address: 5120C43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F05F0F49761h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
RDTSC instruction interceptor: First address: 5120C43 second address: 5120C49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf |
Jump to behavior |
Source: C:\Users\user\Desktop\TmmiCE5Ulm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao |
Jump to behavior |