Source: tTGxYWtjG5.exe, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.000000000085E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/off/def.exe |
Source: tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.000000000085E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/off/def.exeN/- |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: tTGxYWtjG5.exe, 00000001.00000002.1916296960.0000000005B99000.00000002.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C |
Source: tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X |
Source: tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.globalsign.com/rootr30; |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06 |
Source: Amcache.hve.11.dr | String found in binary or memory: http://upx.sf.net |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1407016337.00000000054D9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: tTGxYWtjG5.exe | String found in binary or memory: https://aui-cdn.atlassia |
Source: tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000888000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619213944.000000000088D000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://aui-cdn.atlassian.com/ |
Source: tTGxYWtjG5.exe | String found in binary or memory: https://bbc-frontbucket-canary.pro |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1 |
Source: tTGxYWtjG5.exe | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.pu |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; |
Source: tTGxYWtjG5.exe | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas. |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910553330.00000000007D9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/ |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1- |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910553330.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com:443 |
Source: tTGxYWtjG5.exe, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bbuseruploads.s3.amazonaws.com:443/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3 |
Source: tTGxYWtjG5.exe | String found in binary or memory: https://bitbucket.org/ |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910553330.000000000081E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910553330.00000000007E2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe#CJ |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910462653.000000000073A000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0 |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000866000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org/zK |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910553330.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitbucket.org:443/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408319971.000000000088A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252. |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408319971.000000000088A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta |
Source: tTGxYWtjG5.exe, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000888000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619213944.000000000088D000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.cookielaw.org/ |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408319971.000000000088A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408319971.000000000088A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: tTGxYWtjG5.exe, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000888000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619213944.000000000088D000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dz8aopenkvv6s.cloudfront.net |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408319971.000000000088A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910553330.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1487811612.0000000000877000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/ |
Source: tTGxYWtjG5.exe, 00000001.00000003.1357410577.000000000081E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/( |
Source: tTGxYWtjG5.exe, 00000001.00000003.1436694130.00000000007EB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/J |
Source: tTGxYWtjG5.exe, 00000001.00000003.1487811612.0000000000877000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/Yec |
Source: tTGxYWtjG5.exe, tTGxYWtjG5.exe, 00000001.00000003.1357410577.000000000081E000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000866000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1474250511.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1432666855.00000000054B1000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1474406524.00000000007FF000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1406384434.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910553330.000000000081E000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1436316095.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1406504023.00000000054B0000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1357410577.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1432032954.00000000054A5000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1406661276.00000000054B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/api |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000866000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/apiER |
Source: tTGxYWtjG5.exe, 00000001.00000002.1910553330.000000000081E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/apij |
Source: tTGxYWtjG5.exe, 00000001.00000003.1474250511.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1432666855.00000000054B1000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1432032954.00000000054A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/apim |
Source: tTGxYWtjG5.exe, 00000001.00000003.1406384434.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1406504023.00000000054B0000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1406661276.00000000054B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/apiy |
Source: tTGxYWtjG5.exe, 00000001.00000003.1357410577.000000000081E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/pi |
Source: tTGxYWtjG5.exe, 00000001.00000003.1474101580.0000000000877000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/s |
Source: tTGxYWtjG5.exe, 00000001.00000003.1357410577.00000000007FC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat/v |
Source: tTGxYWtjG5.exe, 00000001.00000003.1487811612.000000000088E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://observerfry.lat:443/apiocal |
Source: tTGxYWtjG5.exe | String found in binary or memory: https://remote-app-switcher.prod- |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net |
Source: tTGxYWtjG5.exe | String found in binary or memory: https://remote-app-switcher.stg-east.frontend |
Source: tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000002.1910955173.0000000000888000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408016793.00000000055CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408016793.00000000055CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: tTGxYWtjG5.exe, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000888000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619213944.000000000088D000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619162344.0000000000864000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408319971.000000000088A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: tTGxYWtjG5.exe, 00000001.00000002.1915451922.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1618956138.0000000000859000.00000004.00000020.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1619233681.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: tTGxYWtjG5.exe, 00000001.00000003.1358978816.00000000054EC000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358348490.00000000054EF000.00000004.00000800.00020000.00000000.sdmp, tTGxYWtjG5.exe, 00000001.00000003.1358548781.00000000054EC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408319971.000000000088A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408016793.00000000055CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408016793.00000000055CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408016793.00000000055CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408016793.00000000055CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: tTGxYWtjG5.exe, 00000001.00000003.1408016793.00000000055CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: A1958B second address: A195AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2A913FCE9Bh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: A195AD second address: A195B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: A195B1 second address: A18DD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 cld 0x00000009 push dword ptr [ebp+122D13FDh] 0x0000000f pushad 0x00000010 jmp 00007F2A913FCEA5h 0x00000015 mov dword ptr [ebp+122D3876h], edx 0x0000001b popad 0x0000001c call dword ptr [ebp+122D1C94h] 0x00000022 pushad 0x00000023 jmp 00007F2A913FCE9Fh 0x00000028 xor eax, eax 0x0000002a mov dword ptr [ebp+122D1D15h], ebx 0x00000030 stc 0x00000031 mov edx, dword ptr [esp+28h] 0x00000035 mov dword ptr [ebp+122D1D15h], edi 0x0000003b mov dword ptr [ebp+122D3C85h], eax 0x00000041 jmp 00007F2A913FCE9Fh 0x00000046 stc 0x00000047 mov esi, 0000003Ch 0x0000004c jmp 00007F2A913FCEA3h 0x00000051 add esi, dword ptr [esp+24h] 0x00000055 cmc 0x00000056 lodsw 0x00000058 clc 0x00000059 or dword ptr [ebp+122D1D15h], esi 0x0000005f add eax, dword ptr [esp+24h] 0x00000063 pushad 0x00000064 mov dword ptr [ebp+122D22BEh], eax 0x0000006a movzx edi, cx 0x0000006d popad 0x0000006e mov ebx, dword ptr [esp+24h] 0x00000072 clc 0x00000073 nop 0x00000074 pushad 0x00000075 jmp 00007F2A913FCEA3h 0x0000007a push eax 0x0000007b push edx 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: A18DD1 second address: A18DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: A18DD5 second address: A18DD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: A18DD9 second address: A18DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: A18DE7 second address: A18DED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B967BF second address: B967C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B96A8E second address: B96AA6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2A913FCE9Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F2A913FCE96h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B96BED second address: B96BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B96BF1 second address: B96BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B96BFD second address: B96C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F2A9129471Ch 0x0000000a pushad 0x0000000b jmp 00007F2A91294727h 0x00000010 jl 00007F2A91294716h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B96D66 second address: B96D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B96F4A second address: B96F58 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2A91294716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B9ACAC second address: B9AD3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F2A913FCE9Fh 0x0000000a popad 0x0000000b add dword ptr [esp], 439FE4EEh 0x00000012 push 00000003h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F2A913FCE98h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov dword ptr [ebp+122D1D9Ch], esi 0x00000034 push 00000000h 0x00000036 jmp 00007F2A913FCEA0h 0x0000003b jmp 00007F2A913FCE9Ah 0x00000040 push 00000003h 0x00000042 push 00000000h 0x00000044 push edi 0x00000045 call 00007F2A913FCE98h 0x0000004a pop edi 0x0000004b mov dword ptr [esp+04h], edi 0x0000004f add dword ptr [esp+04h], 0000001Bh 0x00000057 inc edi 0x00000058 push edi 0x00000059 ret 0x0000005a pop edi 0x0000005b ret 0x0000005c push F2E82358h 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 popad 0x00000067 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B9AD3F second address: B9AD49 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2A91294716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B9AD49 second address: B9AD80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 32E82358h 0x00000010 mov dword ptr [ebp+122D3978h], edx 0x00000016 lea ebx, dword ptr [ebp+12455B7Fh] 0x0000001c add dword ptr [ebp+122D1C6Ah], ebx 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jbe 00007F2A913FCE9Ch 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B9AD80 second address: B9AD84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBBC52 second address: BBBC66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jno 00007F2A913FCE96h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBBC66 second address: BBBC6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA0A6 second address: BBA0AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA0AC second address: BBA0E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294724h 0x00000007 jl 00007F2A91294716h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007F2A91294729h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA521 second address: BBA550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2A913FCE96h 0x0000000a jmp 00007F2A913FCEA4h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 ja 00007F2A913FCE9Eh 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA550 second address: BBA568 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A91294724h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA568 second address: BBA590 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007F2A913FCEA6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA80F second address: BBA81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2A91294716h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA9CA second address: BBA9E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA1h 0x00000007 jnc 00007F2A913FCE96h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA9E5 second address: BBA9ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBA9ED second address: BBAA05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2A913FCE9Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBAB78 second address: BBAB8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A9129471Ah 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBAB8B second address: BBAB91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBAB91 second address: BBAB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBAB95 second address: BBABBC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2A913FCE9Dh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2A913FCE9Fh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBABBC second address: BBABC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBABC0 second address: BBABC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBABC6 second address: BBABCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBABCD second address: BBABD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BAE4D2 second address: BAE4DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BAE4DA second address: BAE4F4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2A913FCE96h 0x00000008 jmp 00007F2A913FCE9Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B90781 second address: B9078D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F2A91294716h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B9078D second address: B90791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBB7A1 second address: BBB7D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A9129471Fh 0x00000009 popad 0x0000000a jmp 00007F2A9129471Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007F2A91294716h 0x00000017 jne 00007F2A91294716h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBB7D0 second address: BBB7ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBB7ED second address: BBB80C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F2A91294722h 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBDFC9 second address: BBDFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBE762 second address: BBE76B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BBFA41 second address: BBFA45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC6192 second address: BC6196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC6196 second address: BC61B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F2A913FCEA2h 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC61B9 second address: BC61C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F2A9129471Eh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC5D53 second address: BC5D5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC7DF6 second address: BC7DFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC8081 second address: BC808C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F2A913FCE96h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC8169 second address: BC817B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2A91294716h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC817B second address: BC817F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC8941 second address: BC89B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jg 00007F2A91294722h 0x0000000e xchg eax, ebx 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F2A91294718h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov edi, 18B897F4h 0x0000002e nop 0x0000002f push edx 0x00000030 push ecx 0x00000031 jnc 00007F2A91294716h 0x00000037 pop ecx 0x00000038 pop edx 0x00000039 push eax 0x0000003a pushad 0x0000003b jmp 00007F2A91294722h 0x00000040 pushad 0x00000041 jmp 00007F2A9129471Dh 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC8EA5 second address: BC8EAF instructions: 0x00000000 rdtsc 0x00000002 je 00007F2A913FCE96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC8EAF second address: BC8EDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F2A91294716h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 ja 00007F2A91294716h 0x00000018 jmp 00007F2A91294726h 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC8EDE second address: BC8F20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F2A913FCE98h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D228Eh] 0x0000002a push eax 0x0000002b push ecx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC9397 second address: BC939B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC939B second address: BC93F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F2A913FCE98h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 jmp 00007F2A913FCEA9h 0x0000002d xchg eax, ebx 0x0000002e jbe 00007F2A913FCE9Eh 0x00000034 push edx 0x00000035 jl 00007F2A913FCE96h 0x0000003b pop edx 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 pop eax 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC93F5 second address: BC93FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC93FB second address: BC9401 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC9401 second address: BC9405 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BC9BBA second address: BC9BBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B7FF9F second address: B7FFC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007F2A91294716h 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 jmp 00007F2A9129471Ah 0x00000016 jmp 00007F2A9129471Eh 0x0000001b pop ecx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCC264 second address: BCC268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCCD18 second address: BCCD28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A9129471Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCCD28 second address: BCCD86 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2A913FCE96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F2A913FCE98h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 stc 0x0000002a push 00000000h 0x0000002c call 00007F2A913FCEA2h 0x00000031 jno 00007F2A913FCE9Ch 0x00000037 pop edi 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D2D73h], edi 0x00000040 push eax 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCCD86 second address: BCCD94 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2A91294716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCECAE second address: BCED01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2A913FCEA1h 0x00000008 jng 00007F2A913FCE96h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 mov esi, 7942FB73h 0x00000019 push 00000000h 0x0000001b jc 00007F2A913FCE96h 0x00000021 mov dword ptr [ebp+122D3854h], ebx 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a mov esi, ecx 0x0000002c pop edi 0x0000002d xchg eax, ebx 0x0000002e push edx 0x0000002f jmp 00007F2A913FCE9Ch 0x00000034 pop edx 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 je 00007F2A913FCE96h 0x0000003f pop eax 0x00000040 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD1B2F second address: BD1B35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD1B35 second address: BD1B9C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F2A913FCE9Fh 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 pop esi 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F2A913FCE98h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000018h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e jmp 00007F2A913FCE9Bh 0x00000033 push edx 0x00000034 mov esi, edx 0x00000036 pop edi 0x00000037 xchg eax, ebx 0x00000038 jne 00007F2A913FCE9Eh 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 js 00007F2A913FCE96h 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCF5B8 second address: BCF5BD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD1B9C second address: BD1BA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCF5BD second address: BCF5CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jnc 00007F2A91294716h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCF5CF second address: BCF5D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCF5D8 second address: BCF5DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD2412 second address: BD2420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD2685 second address: BD26E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 jo 00007F2A91294719h 0x0000000f mov di, ax 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F2A91294718h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e pushad 0x0000002f call 00007F2A91294724h 0x00000034 mov ebx, 119D825Fh 0x00000039 pop ebx 0x0000003a mov cl, 25h 0x0000003c popad 0x0000003d mov esi, dword ptr [ebp+122D3CB5h] 0x00000043 push 00000000h 0x00000045 mov esi, dword ptr [ebp+122D39D9h] 0x0000004b xchg eax, ebx 0x0000004c pushad 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD2420 second address: BD2424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD434F second address: BD4369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A91294725h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD4369 second address: BD4373 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2A913FCEA2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD4373 second address: BD4397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F2A91294716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d je 00007F2A91294722h 0x00000013 jnp 00007F2A91294716h 0x00000019 jl 00007F2A91294716h 0x0000001f push edx 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD858B second address: BD8598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F2A913FCE96h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDA69F second address: BDA6A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDA6A5 second address: BDA6A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD87E0 second address: BD87EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 ja 00007F2A91294716h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDA6A9 second address: BDA6B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edi 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD87EE second address: BD8808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2A91294721h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD8808 second address: BD880F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDAE16 second address: BDAEC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A9129471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bl, DEh 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov dword ptr [ebp+12456DA7h], edx 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F2A91294718h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000015h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a mov eax, dword ptr [ebp+122D06FDh] 0x00000040 push 00000000h 0x00000042 push ebx 0x00000043 call 00007F2A91294718h 0x00000048 pop ebx 0x00000049 mov dword ptr [esp+04h], ebx 0x0000004d add dword ptr [esp+04h], 00000018h 0x00000055 inc ebx 0x00000056 push ebx 0x00000057 ret 0x00000058 pop ebx 0x00000059 ret 0x0000005a mov edi, dword ptr [ebp+122D3989h] 0x00000060 sub dword ptr [ebp+122D1CAEh], ebx 0x00000066 push FFFFFFFFh 0x00000068 movzx edi, si 0x0000006b nop 0x0000006c js 00007F2A9129473Ch 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 jnp 00007F2A9129471Ch 0x0000007b push eax 0x0000007c push edx 0x0000007d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDAEC8 second address: BDAECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDCC88 second address: BDCC8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDCC8C second address: BDCC92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDCC92 second address: BDCC99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDDD41 second address: BDDD8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jns 00007F2A913FCEA0h 0x0000000f nop 0x00000010 call 00007F2A913FCEA7h 0x00000015 mov edi, dword ptr [ebp+122D3AB9h] 0x0000001b pop ebx 0x0000001c push 00000000h 0x0000001e pushad 0x0000001f movsx ebx, si 0x00000022 popad 0x00000023 push 00000000h 0x00000025 or ebx, dword ptr [ebp+122D39B5h] 0x0000002b xchg eax, esi 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDDD8F second address: BDDD93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDDD93 second address: BDDD99 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDDD99 second address: BDDDB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A91294728h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDED13 second address: BDED18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDDEF0 second address: BDDEF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDFCAB second address: BDFCB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDDEF5 second address: BDDF14 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2A91294722h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDFCB1 second address: BDFCC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 push edi 0x00000009 jns 00007F2A913FCE96h 0x0000000f pop edi 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDFCC4 second address: BDFD38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F2A91294718h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 mov di, 8664h 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F2A91294718h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 0000001Ah 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 mov bl, ch 0x00000045 or ebx, dword ptr [ebp+122D1D10h] 0x0000004b mov di, 0C2Fh 0x0000004f xchg eax, esi 0x00000050 jnc 00007F2A9129471Ah 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 push edi 0x0000005a jbe 00007F2A91294716h 0x00000060 pop edi 0x00000061 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDFE8C second address: BDFF15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push esi 0x00000007 jmp 00007F2A913FCE9Ch 0x0000000c pop esi 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F2A913FCE98h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 push dword ptr fs:[00000000h] 0x0000002f push 00000000h 0x00000031 push esi 0x00000032 call 00007F2A913FCE98h 0x00000037 pop esi 0x00000038 mov dword ptr [esp+04h], esi 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc esi 0x00000045 push esi 0x00000046 ret 0x00000047 pop esi 0x00000048 ret 0x00000049 mov dword ptr fs:[00000000h], esp 0x00000050 pushad 0x00000051 mov edx, dword ptr [ebp+122D3B41h] 0x00000057 add esi, dword ptr [ebp+122D3AADh] 0x0000005d popad 0x0000005e mov eax, dword ptr [ebp+122D0025h] 0x00000064 push FFFFFFFFh 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 pushad 0x0000006a push edx 0x0000006b pop edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDFF15 second address: BDFF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BDFF1A second address: BDFF24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2A913FCE96h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE1A60 second address: BE1A64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE29DA second address: BE29E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE6972 second address: BE6976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE6976 second address: BE69E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D3854h], edi 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F2A913FCE98h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c add edi, dword ptr [ebp+122D3C11h] 0x00000032 push 00000000h 0x00000034 call 00007F2A913FCE9Eh 0x00000039 pop ebx 0x0000003a push eax 0x0000003b pushad 0x0000003c jns 00007F2A913FCE98h 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F2A913FCEA1h 0x00000049 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE3C13 second address: BE3C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE4B61 second address: BE4B89 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2A913FCEA5h 0x00000008 jmp 00007F2A913FCE9Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jbe 00007F2A913FCEA2h 0x00000016 jl 00007F2A913FCE9Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE3C19 second address: BE3C38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2A9129471Ah 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F2A9129471Ch 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE4B89 second address: BE4C15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 nop 0x00000005 mov ebx, 5C088229h 0x0000000a push dword ptr fs:[00000000h] 0x00000011 mov bx, dx 0x00000014 xor ebx, 7928287Ch 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 xor ebx, dword ptr [ebp+122D3972h] 0x00000027 mov eax, dword ptr [ebp+122D11A1h] 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007F2A913FCE98h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 0000001Ah 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 mov dword ptr [ebp+122D38FFh], esi 0x0000004d push FFFFFFFFh 0x0000004f and ebx, dword ptr [ebp+122D3BC1h] 0x00000055 jmp 00007F2A913FCE9Fh 0x0000005a nop 0x0000005b push edx 0x0000005c push ebx 0x0000005d pushad 0x0000005e popad 0x0000005f pop ebx 0x00000060 pop edx 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push esi 0x00000065 jmp 00007F2A913FCEA4h 0x0000006a pop esi 0x0000006b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE3C38 second address: BE3C42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F2A91294716h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE8C4D second address: BE8C5F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnp 00007F2A913FCE96h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE8C5F second address: BE8C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE3CEC second address: BE3D0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE8C64 second address: BE8C6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE6C50 second address: BE6C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F2A913FCEAEh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE8C6A second address: BE8C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE8C6E second address: BE8C72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE6C77 second address: BE6C7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BE8ECC second address: BE8ED0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF31F1 second address: BF31F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF2C1E second address: BF2C28 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2A913FCE9Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B83395 second address: B8339D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF78F3 second address: BF78F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF7A2D second address: BF7A47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a jmp 00007F2A9129471Fh 0x0000000f pop edi 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF7A47 second address: BF7A73 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F2A913FCEA4h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jne 00007F2A913FCE96h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF7A73 second address: BF7A8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294723h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF91C8 second address: BF91CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF91CE second address: BF91D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BF91D2 second address: BF91D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFFE5C second address: BFFE62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFF114 second address: BFF136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnp 00007F2A913FCE96h 0x00000009 pop eax 0x0000000a jo 00007F2A913FCE9Ch 0x00000010 jg 00007F2A913FCE96h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jo 00007F2A913FCE96h 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFF136 second address: BFF13A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFF13A second address: BFF144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFF144 second address: BFF14C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFF2AF second address: BFF2B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFF2B5 second address: BFF2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F2A91294724h 0x0000000e jnc 00007F2A91294716h 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFF9F1 second address: BFFA0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A913FCEA0h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFFA0A second address: BFFA24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294726h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFFA24 second address: BFFA37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2A913FCE9Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFFA37 second address: BFFA46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F2A91294716h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BFFA46 second address: BFFA4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B86727 second address: B8674F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F2A91294720h 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F2A9129471Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C07217 second address: C0721D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0721D second address: C0723B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F2A9129471Ch 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jne 00007F2A91294716h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0723B second address: C07244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C06DDE second address: C06DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C07DF6 second address: C07E2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2A913FCEA2h 0x0000000a jmp 00007F2A913FCEA7h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C07E2D second address: C07E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F2A9129471Fh 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C07E4B second address: C07E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0CA77 second address: C0CA7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0B9A4 second address: C0B9BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F2A913FCE96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F2A913FCE96h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0B9BA second address: C0B9C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD4E6F second address: BAE4D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edx, dword ptr [ebp+122D1C9Bh] 0x00000011 lea eax, dword ptr [ebp+1248FC21h] 0x00000017 sub dword ptr [ebp+122D2765h], edi 0x0000001d push eax 0x0000001e jng 00007F2A913FCEABh 0x00000024 push eax 0x00000025 jmp 00007F2A913FCEA3h 0x0000002a pop eax 0x0000002b mov dword ptr [esp], eax 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F2A913FCE98h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 call dword ptr [ebp+12464D0Eh] 0x0000004e jc 00007F2A913FCEA0h 0x00000054 jmp 00007F2A913FCE9Ah 0x00000059 push eax 0x0000005a push edx 0x0000005b jno 00007F2A913FCE9Eh 0x00000061 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD5062 second address: BD5066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD5392 second address: BD53A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD53A6 second address: BD53B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD5483 second address: BD549E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A913FCEA0h 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD549E second address: BD54BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2A91294716h 0x0000000a popad 0x0000000b jmp 00007F2A9129471Ah 0x00000010 popad 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD54BD second address: BD54C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD54C2 second address: BD550B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A9129471Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F2A91294718h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov edx, 60E64500h 0x00000029 call 00007F2A91294719h 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 jns 00007F2A91294716h 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD550B second address: BD553E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2A913FCE96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c jp 00007F2A913FCEA7h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b je 00007F2A913FCE96h 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD553E second address: BD556A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2A91294718h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jl 00007F2A91294716h 0x00000015 jmp 00007F2A91294724h 0x0000001a popad 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD57B2 second address: BD57CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD596E second address: BD5972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD5972 second address: BD59A4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2A913FCE96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov dword ptr [esp], eax 0x0000000e jnc 00007F2A913FCE9Ch 0x00000014 add ch, 00000013h 0x00000017 push 00000004h 0x00000019 or dword ptr [ebp+122D3876h], eax 0x0000001f mov ecx, dword ptr [ebp+122D3A01h] 0x00000025 nop 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD59A4 second address: BD59A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD59A8 second address: BD59AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD59AE second address: BD59C9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007F2A91294716h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007F2A9129471Ch 0x00000015 jc 00007F2A91294716h 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD6098 second address: BD60D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jns 00007F2A913FCEADh 0x00000013 mov eax, dword ptr [eax] 0x00000015 push eax 0x00000016 push edx 0x00000017 jns 00007F2A913FCE9Ch 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD60D7 second address: BD60F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A9129471Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD60F1 second address: BD60F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD6191 second address: BD619A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD619A second address: BD61E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F2A913FCE98h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 lea eax, dword ptr [ebp+1248FC65h] 0x0000002a jmp 00007F2A913FCE9Eh 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F2A913FCE9Bh 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD61E4 second address: BD61EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD61EB second address: BD6261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F2A913FCEA6h 0x0000000e nop 0x0000000f mov dword ptr [ebp+1245759Bh], ebx 0x00000015 lea eax, dword ptr [ebp+1248FC21h] 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F2A913FCE98h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 0000001Bh 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov dword ptr [ebp+122D330Bh], eax 0x0000003b or ecx, 112B1422h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 je 00007F2A913FCEA9h 0x0000004a jmp 00007F2A913FCEA3h 0x0000004f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BD6261 second address: BAF05D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F2A91294727h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F2A91294718h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov cx, ax 0x0000002b call dword ptr [ebp+122D216Eh] 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 pop eax 0x00000037 push edx 0x00000038 pop edx 0x00000039 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BAF05D second address: BAF063 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BAF063 second address: BAF069 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BAF069 second address: BAF078 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2A913FCE96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0BC88 second address: C0BC92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2A91294716h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0BC92 second address: C0BC98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0C3DC second address: C0C3E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0C3E2 second address: C0C3E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C0C6D0 second address: C0C6D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C15B8E second address: C15B92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C15B92 second address: C15B9C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2A91294716h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C15D25 second address: C15D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C15D2D second address: C15D39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2A91294716h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C15ED0 second address: C15ED6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C15ED6 second address: C15EE0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2A91294722h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C15EE0 second address: C15EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C16484 second address: C16498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jo 00007F2A91294716h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f pop ecx 0x00000010 push ebx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C16498 second address: C1649E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1649E second address: C164A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C166F5 second address: C166F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C166F9 second address: C166FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C166FD second address: C16705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1A51B second address: C1A534 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F2A9129471Fh 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C19E03 second address: C19E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2A913FCE96h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F2A913FCE9Dh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C19E21 second address: C19E29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1A10F second address: C1A113 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1A256 second address: C1A264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 popad 0x00000007 jc 00007F2A91294716h 0x0000000d pop eax 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1C7F9 second address: C1C7FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1C7FF second address: C1C803 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1C803 second address: C1C80D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1C80D second address: C1C811 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1C811 second address: C1C819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C1C819 second address: C1C825 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jno 00007F2A91294716h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B7CA8B second address: B7CA95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C21B0A second address: C21B11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C21C4E second address: C21C58 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2A913FCE96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C21DE7 second address: C21DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2A91294716h 0x0000000a pop esi 0x0000000b pop eax 0x0000000c jo 00007F2A91294741h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C21DFD second address: C21E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C21E01 second address: C21E07 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C21E07 second address: C21E1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2A913FCE9Bh 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C21F52 second address: C21F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C26F89 second address: C26F8E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C2633C second address: C26342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C26342 second address: C26347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C265F9 second address: C26601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C2673D second address: C26743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C269BB second address: C269D5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2A91294716h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 jnc 00007F2A91294716h 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C269D5 second address: C269E6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2A913FCE9Ch 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C269E6 second address: C26A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A91294721h 0x00000009 jne 00007F2A91294716h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C26A09 second address: C26A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A913FCE9Ah 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C2AF5B second address: C2AF67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2A9129471Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C2A868 second address: C2A879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F2A913FCEBAh 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C30540 second address: C30546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C30546 second address: C3054A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C3054A second address: C3056F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294722h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F2A9129471Ch 0x0000000f jo 00007F2A91294716h 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C306B2 second address: C306E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A913FCEA5h 0x00000009 jmp 00007F2A913FCEA8h 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C306E6 second address: C30703 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294727h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C31485 second address: C314A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2A913FCE9Eh 0x00000009 jmp 00007F2A913FCEA0h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C314A9 second address: C314BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F2A9129471Ch 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C314BA second address: C314D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F2A913FCE96h 0x0000000a jmp 00007F2A913FCE9Fh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C31A9B second address: C31ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 jmp 00007F2A91294726h 0x0000000b pop ebx 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C31ABF second address: C31AC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C31AC5 second address: C31ACB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C31ACB second address: C31AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C38835 second address: C3883A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C37A25 second address: C37A29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C37A29 second address: C37A4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2A9129471Fh 0x00000008 jmp 00007F2A9129471Ch 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C380F0 second address: C3810B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f jc 00007F2A913FCE98h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C3810B second address: C3810F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C3810F second address: C3812B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C3812B second address: C3813C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F2A91294716h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C3813C second address: C38140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44CE7 second address: C44CEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44CEB second address: C44CFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2A913FCE9Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44E78 second address: C44E89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F2A91294718h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44E89 second address: C44EA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA1h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44EA0 second address: C44EA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44EA4 second address: C44EA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44FFC second address: C45012 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2A9129471Ah 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C45012 second address: C45016 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C45016 second address: C45034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F2A9129472Ch 0x0000000c jmp 00007F2A91294720h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C45169 second address: C4516D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C45B7C second address: C45B8C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2A91294716h 0x00000008 jno 00007F2A91294716h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C462D6 second address: C462DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C44194 second address: C4419F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2A91294716h 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C5B180 second address: C5B198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 jnl 00007F2A913FCE96h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jnl 00007F2A913FCE96h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C5B198 second address: C5B19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C5E3E6 second address: C5E3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C67727 second address: C67752 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294724h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007F2A9129471Fh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C6A873 second address: C6A892 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F2A913FCEACh 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C7136B second address: C71379 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F2A91294716h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C71379 second address: C7137D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C7137D second address: C71383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C71383 second address: C7138D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F2A913FCE96h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C71175 second address: C7117A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C7117A second address: C71198 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2A913FCE9Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2A913FCE9Eh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C772ED second address: C772F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C772F1 second address: C772F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C772F5 second address: C77323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F2A9129471Ch 0x0000000e popad 0x0000000f jnp 00007F2A9129472Eh 0x00000015 pushad 0x00000016 jmp 00007F2A9129471Eh 0x0000001b push esi 0x0000001c pop esi 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C778C8 second address: C778DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Ch 0x00000007 jne 00007F2A913FCE96h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C778DE second address: C778E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C778E6 second address: C778F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C778F7 second address: C77917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F2A9129471Ah 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jl 00007F2A91294736h 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C77917 second address: C77921 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C77921 second address: C77927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C77927 second address: C7792B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: B8EC29 second address: B8EC2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C963B0 second address: C963D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F2A913FCEADh 0x0000000c jmp 00007F2A913FCEA5h 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C963D3 second address: C96434 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2A9129472Ah 0x00000008 push esi 0x00000009 jmp 00007F2A9129471Eh 0x0000000e jno 00007F2A91294716h 0x00000014 pop esi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 push esi 0x00000019 pushad 0x0000001a popad 0x0000001b pop esi 0x0000001c jmp 00007F2A91294726h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F2A9129471Eh 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C96434 second address: C96438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C96438 second address: C9643C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C96274 second address: C96287 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2A913FCE9Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C96287 second address: C9628F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C981E2 second address: C981E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C981E7 second address: C981F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2A91294716h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: C981F1 second address: C981F7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CAD039 second address: CAD052 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2A91294716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007F2A9129471Bh 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CAD052 second address: CAD05C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2A913FCE96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CAD05C second address: CAD068 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F2A91294716h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CAD068 second address: CAD06C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CAD5B3 second address: CAD5F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294721h 0x00000007 pushad 0x00000008 jno 00007F2A91294716h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jnl 00007F2A91294716h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jl 00007F2A9129472Ah 0x00000021 push eax 0x00000022 push edx 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CAD5F8 second address: CAD5FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CAD5FC second address: CAD602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CADAA5 second address: CADAB5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2A913FCEA2h 0x00000008 js 00007F2A913FCE96h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CADC2E second address: CADC4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A9129471Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a ja 00007F2A91294716h 0x00000010 jng 00007F2A91294716h 0x00000016 pop edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CB227C second address: CB2280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CB242A second address: CB242F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CB24AD second address: CB24B7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2A913FCE9Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: CB24B7 second address: CB24E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D3632h], eax 0x0000000d jnl 00007F2A9129471Ah 0x00000013 mov dx, F974h 0x00000017 push 00000004h 0x00000019 xor edx, dword ptr [ebp+122D34ABh] 0x0000001f mov dh, 62h 0x00000021 push A4259E95h 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push edx 0x0000002a pop edx 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: BCAB4E second address: BCAB52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B603F8 second address: 4B603FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B603FC second address: 4B60417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B60417 second address: 4B6043B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B6043B second address: 4B6043F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B6043F second address: 4B60459 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294726h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B904B1 second address: 4B904C2 instructions: 0x00000000 rdtsc 0x00000002 mov edi, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx esi, di 0x00000009 popad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B904C2 second address: 4B904C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B904C6 second address: 4B904CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B904CA second address: 4B904D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B904D0 second address: 4B90512 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F2A913FCEA0h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F2A913FCEA7h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90512 second address: 4B905C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F2A9129471Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov bx, BB34h 0x00000015 pushfd 0x00000016 jmp 00007F2A9129471Dh 0x0000001b or eax, 282D92F6h 0x00000021 jmp 00007F2A91294721h 0x00000026 popfd 0x00000027 popad 0x00000028 xchg eax, ecx 0x00000029 jmp 00007F2A9129471Eh 0x0000002e xchg eax, esi 0x0000002f pushad 0x00000030 mov al, 20h 0x00000032 pushfd 0x00000033 jmp 00007F2A91294723h 0x00000038 jmp 00007F2A91294723h 0x0000003d popfd 0x0000003e popad 0x0000003f push eax 0x00000040 jmp 00007F2A91294729h 0x00000045 xchg eax, esi 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 mov edi, ecx 0x0000004b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B905C7 second address: 4B905E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, 5739E808h 0x00000009 popad 0x0000000a lea eax, dword ptr [ebp-04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2A913FCE9Ah 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B905E0 second address: 4B90607 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A9129471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2A91294725h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90607 second address: 4B90617 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A913FCE9Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90617 second address: 4B90625 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90625 second address: 4B9062C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B9062C second address: 4B9065C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294722h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2A91294727h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B906BA second address: 4B906BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B906BE second address: 4B906C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B906C4 second address: 4B9071F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp-04h], 00000000h 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F2A913FCE9Eh 0x00000014 adc cx, 2BD8h 0x00000019 jmp 00007F2A913FCE9Bh 0x0000001e popfd 0x0000001f push ecx 0x00000020 mov eax, edx 0x00000022 pop ebx 0x00000023 popad 0x00000024 mov esi, eax 0x00000026 jmp 00007F2A913FCE9Eh 0x0000002b je 00007F2A913FCEFDh 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 movsx edi, ax 0x00000037 push esi 0x00000038 pop edi 0x00000039 popad 0x0000003a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B9071F second address: 4B90725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90725 second address: 4B90729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90729 second address: 4B9072D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90750 second address: 4B907FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushfd 0x00000006 jmp 00007F2A913FCE9Dh 0x0000000b sub cx, 5636h 0x00000010 jmp 00007F2A913FCEA1h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov eax, esi 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F2A913FCE9Ch 0x00000022 jmp 00007F2A913FCEA5h 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007F2A913FCEA0h 0x0000002e add ch, FFFFFFB8h 0x00000031 jmp 00007F2A913FCE9Bh 0x00000036 popfd 0x00000037 popad 0x00000038 pop esi 0x00000039 pushad 0x0000003a mov ax, 980Bh 0x0000003e call 00007F2A913FCEA0h 0x00000043 movzx esi, dx 0x00000046 pop ebx 0x00000047 popad 0x00000048 leave 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F2A913FCEA9h 0x00000050 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B907FB second address: 4B80032 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d sub esp, 04h 0x00000010 xor ebx, ebx 0x00000012 cmp eax, 00000000h 0x00000015 je 00007F2A9129487Ah 0x0000001b mov dword ptr [esp], 0000000Dh 0x00000022 call 00007F2A954208B1h 0x00000027 mov edi, edi 0x00000029 jmp 00007F2A91294726h 0x0000002e xchg eax, ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F2A91294727h 0x00000036 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80032 second address: 4B8003A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8003A second address: 4B80060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F2A91294727h 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80060 second address: 4B80064 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80064 second address: 4B8006A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8006A second address: 4B800D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F2A913FCEA0h 0x00000010 sub esp, 2Ch 0x00000013 jmp 00007F2A913FCEA0h 0x00000018 xchg eax, ebx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushfd 0x0000001d jmp 00007F2A913FCEA3h 0x00000022 and ax, B08Eh 0x00000027 jmp 00007F2A913FCEA9h 0x0000002c popfd 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B800D4 second address: 4B800D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B800D8 second address: 4B8010C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F2A913FCEA7h 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2A913FCEA0h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8010C second address: 4B80112 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80112 second address: 4B80118 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80118 second address: 4B8012E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2A9129471Bh 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8012E second address: 4B80142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 4CCDD1BAh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80142 second address: 4B80146 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80146 second address: 4B8014C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8014C second address: 4B80161 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A91294721h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80161 second address: 4B80165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80165 second address: 4B80181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2A9129471Fh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80181 second address: 4B8019E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B801FB second address: 4B80201 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80201 second address: 4B80218 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2A913FCEA2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80218 second address: 4B8024E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 test al, al 0x00000009 jmp 00007F2A9129471Eh 0x0000000e je 00007F2A91294917h 0x00000014 jmp 00007F2A91294720h 0x00000019 lea ecx, dword ptr [ebp-14h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov ch, 06h 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8024E second address: 4B80263 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A913FCEA1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80263 second address: 4B8028C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [ebp-14h], edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2A9129471Dh 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B802B5 second address: 4B802BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B802BB second address: 4B8031E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F2A91294722h 0x00000010 and si, E9E8h 0x00000015 jmp 00007F2A9129471Bh 0x0000001a popfd 0x0000001b jmp 00007F2A91294728h 0x00000020 popad 0x00000021 mov dword ptr [esp], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F2A91294727h 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8031E second address: 4B80336 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A913FCEA4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80364 second address: 4B80465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2A91294727h 0x00000009 or cl, FFFFFFFEh 0x0000000c jmp 00007F2A91294729h 0x00000011 popfd 0x00000012 movzx ecx, di 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 test eax, eax 0x0000001a jmp 00007F2A91294723h 0x0000001f jg 00007F2B021727EBh 0x00000025 jmp 00007F2A91294726h 0x0000002a js 00007F2A91294773h 0x00000030 pushad 0x00000031 movzx esi, dx 0x00000034 pushfd 0x00000035 jmp 00007F2A91294723h 0x0000003a xor al, 0000001Eh 0x0000003d jmp 00007F2A91294729h 0x00000042 popfd 0x00000043 popad 0x00000044 cmp dword ptr [ebp-14h], edi 0x00000047 jmp 00007F2A9129471Eh 0x0000004c jne 00007F2B02172791h 0x00000052 jmp 00007F2A91294720h 0x00000057 mov ebx, dword ptr [ebp+08h] 0x0000005a jmp 00007F2A91294720h 0x0000005f lea eax, dword ptr [ebp-2Ch] 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007F2A91294727h 0x00000069 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80465 second address: 4B8047D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A913FCEA4h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8047D second address: 4B8052E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A9129471Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d push ecx 0x0000000e push ebx 0x0000000f pop eax 0x00000010 pop edi 0x00000011 push ecx 0x00000012 pushfd 0x00000013 jmp 00007F2A91294723h 0x00000018 or cx, 34FEh 0x0000001d jmp 00007F2A91294729h 0x00000022 popfd 0x00000023 pop eax 0x00000024 popad 0x00000025 push eax 0x00000026 pushad 0x00000027 mov dl, al 0x00000029 push edi 0x0000002a mov eax, 661C7F5Bh 0x0000002f pop esi 0x00000030 popad 0x00000031 xchg eax, esi 0x00000032 jmp 00007F2A91294727h 0x00000037 nop 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b call 00007F2A9129471Bh 0x00000040 pop eax 0x00000041 pushfd 0x00000042 jmp 00007F2A91294729h 0x00000047 sbb al, FFFFFFF6h 0x0000004a jmp 00007F2A91294721h 0x0000004f popfd 0x00000050 popad 0x00000051 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8052E second address: 4B80587 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2A913FCEA7h 0x00000009 adc cx, AF2Eh 0x0000000e jmp 00007F2A913FCEA9h 0x00000013 popfd 0x00000014 movzx ecx, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F2A913FCEA4h 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80587 second address: 4B8058B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8058B second address: 4B80591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80591 second address: 4B805BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A9129471Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F2A91294720h 0x0000000f xchg eax, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B805BB second address: 4B805BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B805BF second address: 4B805C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B805C5 second address: 4B805CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B805CB second address: 4B805CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B805CF second address: 4B8061E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007F2A913FCEA6h 0x00000011 pop ecx 0x00000012 pushfd 0x00000013 jmp 00007F2A913FCE9Bh 0x00000018 add cx, 755Eh 0x0000001d jmp 00007F2A913FCEA9h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8061E second address: 4B8062E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A9129471Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8062E second address: 4B80632 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80632 second address: 4B8064F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 pushad 0x0000000a call 00007F2A9129471Dh 0x0000000f mov edx, esi 0x00000011 pop eax 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B8069B second address: 4B806D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCEA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2A913FCEA8h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B806D6 second address: 4B806DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B806DA second address: 4B806E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B806E0 second address: 4B806F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2A9129471Dh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B806F1 second address: 4B707D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F2B022DADF2h 0x0000000e xor eax, eax 0x00000010 jmp 00007F2A913D65CAh 0x00000015 pop esi 0x00000016 pop edi 0x00000017 pop ebx 0x00000018 leave 0x00000019 retn 0004h 0x0000001c nop 0x0000001d sub esp, 04h 0x00000020 mov esi, eax 0x00000022 xor ebx, ebx 0x00000024 cmp esi, 00000000h 0x00000027 je 00007F2A913FCFD5h 0x0000002d call 00007F2A95579665h 0x00000032 mov edi, edi 0x00000034 pushad 0x00000035 mov esi, ebx 0x00000037 call 00007F2A913FCEA7h 0x0000003c mov cx, AF7Fh 0x00000040 pop esi 0x00000041 popad 0x00000042 push ebx 0x00000043 jmp 00007F2A913FCEA0h 0x00000048 mov dword ptr [esp], ebp 0x0000004b pushad 0x0000004c mov ecx, 388C9ABDh 0x00000051 mov ebx, ecx 0x00000053 popad 0x00000054 mov ebp, esp 0x00000056 pushad 0x00000057 push ebx 0x00000058 mov cl, 2Fh 0x0000005a pop ebx 0x0000005b popad 0x0000005c xchg eax, ecx 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 mov di, 99E0h 0x00000064 popad 0x00000065 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B707D9 second address: 4B707FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294726h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bl, al 0x0000000f movsx ebx, cx 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B707FD second address: 4B7085B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F2A913FCE9Bh 0x00000013 jmp 00007F2A913FCEA3h 0x00000018 popfd 0x00000019 pushfd 0x0000001a jmp 00007F2A913FCEA8h 0x0000001f sbb si, E418h 0x00000024 jmp 00007F2A913FCE9Bh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80A94 second address: 4B80B20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294721h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F2A91294721h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F2A9129471Eh 0x00000015 mov ebp, esp 0x00000017 jmp 00007F2A91294720h 0x0000001c cmp dword ptr [75AB459Ch], 05h 0x00000023 pushad 0x00000024 call 00007F2A9129471Eh 0x00000029 mov esi, 41F03621h 0x0000002e pop ecx 0x0000002f movsx edx, cx 0x00000032 popad 0x00000033 je 00007F2B02162619h 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c mov cx, bx 0x0000003f jmp 00007F2A91294727h 0x00000044 popad 0x00000045 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80BA3 second address: 4B80BC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov edi, eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call 00007F2B022D1E5Ah 0x00000010 push 75A52B70h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov eax, dword ptr [esp+10h] 0x00000020 mov dword ptr [esp+10h], ebp 0x00000024 lea ebp, dword ptr [esp+10h] 0x00000028 sub esp, eax 0x0000002a push ebx 0x0000002b push esi 0x0000002c push edi 0x0000002d mov eax, dword ptr [75AB4538h] 0x00000032 xor dword ptr [ebp-04h], eax 0x00000035 xor eax, ebp 0x00000037 push eax 0x00000038 mov dword ptr [ebp-18h], esp 0x0000003b push dword ptr [ebp-08h] 0x0000003e mov eax, dword ptr [ebp-04h] 0x00000041 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000048 mov dword ptr [ebp-08h], eax 0x0000004b lea eax, dword ptr [ebp-10h] 0x0000004e mov dword ptr fs:[00000000h], eax 0x00000054 ret 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007F2A913FCE9Bh 0x0000005c rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80BC0 second address: 4B80BC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80BC5 second address: 4B80BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, 00000000h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80BD9 second address: 4B80BDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B80C4C second address: 4B80C52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90824 second address: 4B9082A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B9082A second address: 4B9087F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a jmp 00007F2A913FCEA2h 0x0000000f pushad 0x00000010 mov dx, ax 0x00000013 movzx ecx, bx 0x00000016 popad 0x00000017 popad 0x00000018 mov dword ptr [esp], ebp 0x0000001b pushad 0x0000001c call 00007F2A913FCEA5h 0x00000021 mov si, 5257h 0x00000025 pop ecx 0x00000026 mov cl, bh 0x00000028 popad 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F2A913FCE9Bh 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B9087F second address: 4B908A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A91294729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B908A3 second address: 4B908A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B908A7 second address: 4B908AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B908AD second address: 4B908B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, AE17h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B908B6 second address: 4B908F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F2A91294723h 0x0000000d xchg eax, esi 0x0000000e jmp 00007F2A91294726h 0x00000013 mov esi, dword ptr [ebp+0Ch] 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F2A9129471Ah 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B908F9 second address: 4B908FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B908FF second address: 4B909CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2A9129471Ch 0x00000009 adc si, AC48h 0x0000000e jmp 00007F2A9129471Bh 0x00000013 popfd 0x00000014 movzx eax, di 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test esi, esi 0x0000001c jmp 00007F2A9129471Bh 0x00000021 je 00007F2B0215219Ah 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F2A91294724h 0x0000002e or al, FFFFFFD8h 0x00000031 jmp 00007F2A9129471Bh 0x00000036 popfd 0x00000037 jmp 00007F2A91294728h 0x0000003c popad 0x0000003d cmp dword ptr [75AB459Ch], 05h 0x00000044 jmp 00007F2A91294720h 0x00000049 je 00007F2B0216A21Fh 0x0000004f pushad 0x00000050 pushfd 0x00000051 jmp 00007F2A9129471Eh 0x00000056 add ah, FFFFFF98h 0x00000059 jmp 00007F2A9129471Bh 0x0000005e popfd 0x0000005f mov ch, 04h 0x00000061 popad 0x00000062 push ebx 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 call 00007F2A9129471Dh 0x0000006b pop eax 0x0000006c mov ebx, 37F974A4h 0x00000071 popad 0x00000072 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | RDTSC instruction interceptor: First address: 4B90AE4 second address: 4B90AF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2A913FCE9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
Source: C:\Users\user\Desktop\tTGxYWtjG5.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |