Source: unknown | Process created: C:\Users\user\Desktop\bUWKfj04aU.exe "C:\Users\user\Desktop\bUWKfj04aU.exe" | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles | |
Source: C:\Windows\System32\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe "C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process created: C:\Users\user\AppData\Roaming\configurationValue\propro.exe "C:\Users\user\AppData\Roaming\configurationValue\propro.exe" | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process created: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe "C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe" | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe "C:\Users\user\AppData\Local\Temp\1001053001\gold.exe" | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe "C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe" /F | |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe "C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Windows\System32\conhost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5564 -ip 5564 | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 920 | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe "C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe" | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe "C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe "C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe" | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\1001084001\random.exe "C:\Users\user\AppData\Local\Temp\1001084001\random.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe "C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe" | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe "C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe "C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe "C:\Users\user\AppData\Local\Temp\1001107001\jok.exe" | |
Source: C:\Windows\System32\conhost.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 500 -p 7684 -ip 7684 | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7684 -s 1076 | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe" /F | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process created: unknown unknown | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process created: C:\Users\user\AppData\Roaming\configurationValue\propro.exe "C:\Users\user\AppData\Roaming\configurationValue\propro.exe" | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process created: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe "C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe" /F | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe "C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe "C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe "C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process created: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe "C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process created: unknown unknown | |
Source: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe | Process created: unknown unknown | |
Source: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force | |
Source: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe | Process created: unknown unknown | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Process created: unknown unknown | |
Source: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: unknown unknown | |
Source: C:\Windows\System32\WerFault.exe | Process created: unknown unknown | |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: mstask.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: dui70.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: duser.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: chartv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: atlthunk.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: windows.fileexplorer.common.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: explorerframe.dll | Jump to behavior |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ifmon.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mprapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasmontr.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mfc42u.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: authfwcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpcmonitor.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dot3cfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dot3api.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: onex.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: eappcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: eappprxy.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: fwcfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: hnetmon.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netshell.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nlaapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netsetupapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: netiohlp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nettrace.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshhttp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: httpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshipsec.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: activeds.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: polstore.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winipsec.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: adsldpc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: nshwfp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: p2pnetsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: p2p.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rpcnsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wcnnetsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlanapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: whhelper.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wlancfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wshelper.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wwancfg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wwapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wcmapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mobilenetworking.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: peerdistsh.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: ktmw32.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: mprmsg.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kdscli.dll | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Section loaded: wldp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mscoree.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windows.storage.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wldp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: propsys.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dlnashext.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wpdshext.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: edputil.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: netutils.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wintypes.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: appresolver.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: bcp47langs.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: slc.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sppc.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: dwrite.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: msvcp140_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: msisip.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: wshext.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: appxsip.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: opcservices.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: esdsip.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: dpapi.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: sxs.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: mpr.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: scrrun.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: linkinfo.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: secur32.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: wbemcomn.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: amsi.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Section loaded: windowscodecs.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: dwrite.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: textshaping.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: textinputframework.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: coreuicomponents.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: coremessaging.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: ntmarta.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: coremessaging.dll | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: webio.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: schannel.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dpapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: appresolver.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: bcp47langs.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: slc.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: sppc.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: winhttp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: winnsi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: dnsapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: rasadhlp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: schannel.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: ntasn1.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: dpapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: ncrypt.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: mscoree.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: vcruntime140_clr0400.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: ucrtbase_clr0400.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: apphelp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: aclayers.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mpr.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sfc_os.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winhttp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: webio.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mswsock.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: winnsi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dnsapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rasadhlp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: schannel.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ntasn1.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncrypt.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: msasn1.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptsp.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: rsaenh.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: cryptbase.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: dpapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: amsi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: userenv.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: profapi.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: version.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: wbemcomn.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: winhttp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: msimg32.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: msvcr100.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: powrprof.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Section loaded: umpdc.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\JgoflcD9Q8N9LvT5krhponwA.exe | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\ISetup8[1].exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\Ee4C8pygmuP2wWmHYlaPNRsj.exe | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\FirstZ[1].exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\g9ls6tmSqvqEPFEPMTLxj5T8.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\7cKVSqTv7NnDDL1Bxf0FokVy.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\A47mXAfrsBDpojX2UlRMyVjb.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001152001\DocuWorks.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\emoDG0nH5rlkVVnXgc1mj5b6.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\tH2mUUONokvK3vL8ubpXbilZ.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\sx0rXq9mQR9aeLWBWHbPdr14.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\3Qu8OOESjPevn9hgYpoGckO6.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\JLiIrbSzLzOnR0erkK3iGyEU.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\uhjRBnwj8K4T9LYmtd6M66hw.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\wXamxKfyZPmwZrj3GYJOigy8.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\uuRE7gXsEM4RR1NoZUBwtrlp.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\VxBZwWSDvyrtFfizMLyM1BzT.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\hcidkkgbJV63mERAuLfsQa8h.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001142001\DocuWorks.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\DTvgIdE1FHJj9FUSxKWXL2RO.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\RqikXgL90rwJFOFaZuJPlBKd.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\6kv625NXRIyPYKeDaoPyctw3.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\SN8aMZWrntrM7YJrmHS2jN15.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\NewB[1].exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\RoyNg8B8qjQgITKbssh3ShCc.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File created: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\MnKGY5RWTeEWMNUxbLjGgu1v.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\HwwnZ3CpAQLjyKlmGEjpSgAe.exe | |
Source: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe | File created: C:\Users\user\AppData\Local\Temp\u5ps.1.exe | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001108001\swiiii.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\Xi37RtmryfYQA7AgXeZvjKIg.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\erPoCjwbFUG1W9A8W6y3CW6b.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\zFwKnsnVeTcdv2qgWZnCYFfo.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\5t4J6LPx9worlCEV5lJ6PESB.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\itMidjIgtoMzghFLrzdYkPDa.exe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\MpHOHCEEUzMhd1hQeZRzVhhz.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\8UpBCIaVf6AAjxJPhsi6WXaA.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\3kkvcuaTSYv6zr1LL5n1fFGV.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\SSO4jRyuUDShfiudMUcxy9PM.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\1nTmHrERKdzkaXW6uWP0ApYm.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\2pxZ3QGs5RsdEF32wezepFbS.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\KaHPEM2tjHD1595lRxdfqHsL.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\yUsmdV5pQCUMcoI7bnDHRZY9.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\swiiiii[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\wQWWfYa2Wpi02lLWRtocQHQR.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\QGd5vowLDGLbl9fCzFQRFDz6.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\sNUwctL7GkZ5u0NI0scxfcy0.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\TjI0ijcIo0xtphiVp90L9Ox0.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\UNI7mc4Nnga4yNCGVfbOvnYn.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\1YUCcdc2ns8K2t45poUN7Amx.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\HAM9LOmldo1zWlB6yIg4ket5.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\EobcTZAHsg9TkKb6ZiDxOQpo.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\OW0IY6qIxwA2vBNesoWOn7tx.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\9xT7E5Pb81hXRamadrxhTcKa.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\vSXx0NPQvyjoNMnvb7CbbdI3.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\tLniRa1wNfVBc8wtGlFeZuV5.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll | Jump to dropped file |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | File created: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001084001\random.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\iwNl8K5vXvEOpYcZRlgRArUI.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\wZuV3PgWQZH6WkVb85MHgKez.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\MSGhyVQl8QvU645EqnDaDG5h.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\ikwgyD2WNrub0XxL5g8QM7GI.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\SYo7pMEIUYDach25xrEqQtfo.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\xEsbKulN7hG8EPnegeeycsh4.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\U56AmqiMe1O1Xr1D2Q9NTKco.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\vjbBGdKLPrfqevTO8NoyWGaS.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\e9BFbVGJvYbRX1O9pfx94p87.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File created: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\fbQkxrJoAES30cVcdBN8aXwZ.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\DocuWorks[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\aCC9Y3uZiPILOE7CPQBm3dqe.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\XOhApkVOUtZE8u9vX17eosOR.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\ZM1H78lrEQNEMSqAF8jMSK2I.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\sarra[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\HJ7xEP91cEUeBnkYZsutN6xz.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\6OLUTXGxeOohIVqZzcEJ5alb.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\o8Jx9jV1oAFDNGwS0JdA5742.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\iWlE1PLcvZdqKeIUsVDIfjKo.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\QgQgG9QxK6KBBiRO6TDiG08X.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\Jow4Yx3Pjb1bpRyZH3KDPaVs.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\zkP3dJByFmLvW6zaaFPB4q1s.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\ULpJp44l4YgbS9xGxpGd4gFD.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\TB8gyY0giMN6fcZjZLzipP7P.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\b135cfRMuAwZwxqPJGvWitOU.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\Gp0jcfXPIousEInbW21jIMsf.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\1abyUXPEgy4bZxyXlnZFcHZ5.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\jEBnyzNlpnxYBpX0SzTsilYc.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\5zJHpAJpIRB1HYZQQAYjkJ25.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\oLeePKVd7zLdWzK9yLk3y6uB.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\duWjVWTrdvxVwAVHrNA8iMHG.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\NVX3Pk7yCVoYnwk8B8rP7BRQ.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe | File created: C:\ProgramData\wikombernizc\reakuqnanrkn.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\NfgsIliNy2FIhgIHRMVtFDp6.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\bgw33Otai3n3FHEj79p4BuQd.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\0Tp94y9MBurxJFhItxZ95EWw.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\eRuQ9CSoyYCbA7kgv2O4hBGL.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\ZoBfdkTi1TzYd4Qho9RGiD49.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\zTSMwf6EqjBUbab8YHX1tAIc.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\GbMT76fl6mAPfbFsS3x29QL1.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\fCvVPrm4SypzMQ6EiBEadgs1.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\XJI9AFzBIfKNprDgZXpUs99e.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\QxCv5P4RWl5NZ4tvZO0mZrz2.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\3u6RrNmizX68IHHLss9QqKUE.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe | File created: C:\Users\user\AppData\Local\Temp\u5ps.0.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\jok[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\NzMhoMiQShLnUxfisrCBpUcg.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\UqEUiSMhaNIUaul1PMLhCUwN.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\kj4vlWepIIui5EUsEpaKN5uf.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\alexxxxxxxx[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\dUJDpd3reHboCY5zymPoYWZb.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\yB6Uf0WkvSc9vwkxXb9qHuqG.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\uOTCOcyWGW2C0V1L0OAjLfFo.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\QHSpBJfT7rENIQ9ncyZXQ7Pm.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\7oogYDdOsBiWJ9MKZ1L5HbFc.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\Uni400uni[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\dAQPk6VJcRnzNryadPob76ur.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\FUb10VYVGNCyaJzEYAYj3GQs.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\VScSUh49U4ILUy7wHZccpWfB.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\s72QQ1HEDtqfs0ltMB4uulZT.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\yhDNs5CKgcvWpHQdXrg6et6I.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\b7aAk4NsmjOyCEFaPAgyoXSd.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\AyNYT4O47VfBk09nQnrCijm6.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\bhUVpYwvm9Cx2G2Rs1dNzx32.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\ilujg24U0DrNyFRHYG8F01Xq.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\gold[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\KS0KCSisDq7pEmahBFThP4AT.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\p2n3E86Xy4ldROofshdOCL5V.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\eVxkDSvCJmjQQtpfadM6vVRZ.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\tqElYl8Fl4JU3kvWVy6e00VW.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\j5y10uqj39KWgJqNPePuwKtH.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\PX9pw9BSDC6GcNiwEOwN9eIo.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\swiiii[1].exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\file300un[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\RTdjK9qJEXQ928Kc9bfdj8uO.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\l9eBjdHLCrnnkZZKJdDffPtE.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\lGY9WNr93099Iipz5J2xUIwU.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\BD2oseXp7BCvMSmO4ZjO5L8H.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\fNXuIJPtZ25Cf8AC2M7nLhvu.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\ngPRyE3pVf7AVqsG4El6sbei.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\dG8PuyJTCxed1f6M5xR2MLtX.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\Mpw4JlCHhiliCOOFY4izjnxd.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\szmZp5wR4ysalkWrHfDx3ALH.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\QOC4MrQyBEQHndqZcvBUgBgA.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\4767d2e713f2021e8fe856e3ea638b58[1].exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\EwtRoEOPYdd062EDD7ELX587.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\NXiJY5ksTtPuwWHLdp7c611m.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\2dRkzCtGWj8VKkanaZyDrBYJ.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\AppData\Local\EbkuLW0CG2HYrP9ej87UFUE5.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | File created: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\oda8FFwXlvLarxOY0ZoPcs8X.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\pVHGmT1xb3UJCnVvgRWBUZ7Y.exe | Jump to dropped file |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | File created: C:\Users\user\Pictures\rig4vLmrODGxubaXNA7eu9mO.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: A8F87A second address: A8F87E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC2D3D second address: AC2D43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC2D43 second address: AC2D47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC2EA5 second address: AC2EA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC2FF3 second address: AC2FF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC2FF9 second address: AC3011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0738AFBE5Eh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC3011 second address: AC3016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC315C second address: AC319B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F0738AFBE5Dh 0x0000000c pop esi 0x0000000d pushad 0x0000000e pushad 0x0000000f jbe 00007F0738AFBE56h 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b jne 00007F0738AFBE56h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F0738AFBE61h 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: A92E28 second address: A92E3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 pushad 0x00000008 jns 00007F0738B194D6h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC4001 second address: AC4033 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0738AFBE56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F0738AFBE64h 0x00000012 jmp 00007F0738AFBE5Fh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC4033 second address: AC4038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC6DDB second address: AC6DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC6DE0 second address: AC6DEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F0738B194D6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC6DEA second address: AC6DEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC6DEE second address: AC6E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jp 00007F0738B194E6h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0738B194E2h 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC6E22 second address: AC6E26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC72B0 second address: AC72D5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0738B194D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0738B194E9h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC72D5 second address: AC72F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop esi 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC5C0D second address: AC5C22 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0738B194D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F0738B194D8h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC5C22 second address: AC5C2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F0738AFBE56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC6383 second address: AC638E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC7676 second address: AC769C instructions: 0x00000000 rdtsc 0x00000002 je 00007F0738AFBE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F0738AFBE62h 0x00000010 pop eax 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC769C second address: AC76B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AC76B0 second address: AC76BA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0738AFBE5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: A96408 second address: A9642B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194DEh 0x00000007 push edi 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0738B194DBh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACECE2 second address: ACECE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACECE8 second address: ACECED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACECED second address: ACED14 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0738AFBE65h 0x00000008 push eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F0738AFBE58h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE331 second address: ACE34A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0738B194D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0738B194DAh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE34A second address: ACE352 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE4A5 second address: ACE4AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE94F second address: ACE955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE955 second address: ACE959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE959 second address: ACE986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0738AFBE62h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0738AFBE63h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE986 second address: ACE98A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE98A second address: ACE994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE994 second address: ACE99E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0738B194D6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACE99E second address: ACE9A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACEB60 second address: ACEB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACEB64 second address: ACEB70 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACEB70 second address: ACEB74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ACEB74 second address: ACEB78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD1F39 second address: AD1F3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD2001 second address: AD2006 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD2006 second address: AD203C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F0738B194E6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jng 00007F0738B194D8h 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d pushad 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD203C second address: AD2045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD2045 second address: AD2049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD2049 second address: AD20C2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0738AFBE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007F0738AFBE63h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push ecx 0x00000017 jnp 00007F0738AFBE6Ah 0x0000001d pop ecx 0x0000001e pop eax 0x0000001f sub esi, 384566D2h 0x00000025 call 00007F0738AFBE59h 0x0000002a jmp 00007F0738AFBE66h 0x0000002f push eax 0x00000030 jc 00007F0738AFBE5Ah 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a pushad 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD20C2 second address: AD20CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD20CC second address: AD20DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD20DA second address: AD20E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD246B second address: AD2470 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD2470 second address: AD247F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD247F second address: AD2483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD2483 second address: AD2487 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD2638 second address: AD2642 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0738AFBE5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD30E4 second address: AD30E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD30E8 second address: AD30EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD335D second address: AD3363 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD3363 second address: AD3384 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007F0738AFBE56h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push ecx 0x00000010 jmp 00007F0738AFBE5Ah 0x00000015 pop edi 0x00000016 xchg eax, ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD3384 second address: AD338F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0738B194D6h 0x0000000a popad 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD338F second address: AD3395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD4337 second address: AD433B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD416E second address: AD418D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD418D second address: AD4192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD531C second address: AD5326 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD5326 second address: AD532A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD532A second address: AD5388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov dword ptr [ebp+1244BF8Fh], esi 0x0000000e sub si, 1085h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F0738AFBE58h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f mov dword ptr [ebp+1244D3E9h], ecx 0x00000035 jmp 00007F0738AFBE66h 0x0000003a push 00000000h 0x0000003c mov dword ptr [ebp+1244D405h], ebx 0x00000042 xchg eax, ebx 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD5388 second address: AD538C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD5C59 second address: AD5C5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AD6A08 second address: AD6A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ADA20F second address: ADA215 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ADE95C second address: ADE9A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 push edi 0x0000000a sub edi, dword ptr [ebp+122DB47Bh] 0x00000010 pop edi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F0738B194D8h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d and edi, dword ptr [ebp+122D384Dh] 0x00000033 push 00000000h 0x00000035 mov edi, eax 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jne 00007F0738B194D6h 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ADE9A8 second address: ADE9B2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0738AFBE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ADEAE4 second address: ADEAF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ADEAF7 second address: ADEB01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F0738AFBE56h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ADEB01 second address: ADEB05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE0995 second address: AE0A0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ebx, dword ptr [ebp+122D3A75h] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F0738AFBE58h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 movsx ebx, dx 0x0000003a mov eax, dword ptr [ebp+122D1355h] 0x00000040 push 00000000h 0x00000042 push edi 0x00000043 call 00007F0738AFBE58h 0x00000048 pop edi 0x00000049 mov dword ptr [esp+04h], edi 0x0000004d add dword ptr [esp+04h], 00000015h 0x00000055 inc edi 0x00000056 push edi 0x00000057 ret 0x00000058 pop edi 0x00000059 ret 0x0000005a movsx ebx, di 0x0000005d push FFFFFFFFh 0x0000005f push eax 0x00000060 clc 0x00000061 pop ebx 0x00000062 nop 0x00000063 push eax 0x00000064 push edx 0x00000065 push edx 0x00000066 push edi 0x00000067 pop edi 0x00000068 pop edx 0x00000069 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE0A0A second address: AE0A0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE1A18 second address: AE1A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jbe 00007F0738AFBE5Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE1A25 second address: AE1AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F0738B194E6h 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F0738B194D8h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 push dword ptr fs:[00000000h] 0x0000002d movzx ebx, cx 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F0738B194D8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 0000001Dh 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 mov edi, 691D45B0h 0x00000056 mov eax, dword ptr [ebp+122D02F5h] 0x0000005c push FFFFFFFFh 0x0000005e sub dword ptr [ebp+122D2D04h], edi 0x00000064 nop 0x00000065 pushad 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F0738B194DFh 0x0000006d rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE1AC2 second address: AE1AED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0738AFBE62h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE3797 second address: AE37A1 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0738B194D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE37A1 second address: AE37B3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0738AFBE58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE37B3 second address: AE37B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE37B7 second address: AE37C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F0738AFBE56h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE47AE second address: AE47B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: AE398A second address: AE398E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2368D second address: B23699 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F0738AFBE56h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: ADC18B second address: ADC190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B23C54 second address: B23C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 jbe 00007F0738AFBE79h 0x0000000f jmp 00007F0738AFBE62h 0x00000014 jmp 00007F0738AFBE61h 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B23C86 second address: B23CA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0738B194E5h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B26E7B second address: B26EAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F0738AFBE69h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B26EAE second address: B26EB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B26EB5 second address: B26EBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B26EBD second address: B26EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B27047 second address: B27050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B27050 second address: B27054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B27054 second address: B27058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B27058 second address: B2706A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0738B194D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2706A second address: B2706E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2A7D7 second address: B2A81C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jng 00007F0738B194D6h 0x0000000e jmp 00007F0738B194E8h 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 jmp 00007F0738B194E6h 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 pop edx 0x00000021 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2A81C second address: B2A825 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AAD2 second address: B2AAE0 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0738B194D8h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AAE0 second address: B2AAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AAE4 second address: B2AAEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AC81 second address: B2AC8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AC8B second address: B2ACA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0738B194E1h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2ACA0 second address: B2ACC0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F0738AFBE56h 0x0000000e jmp 00007F0738AFBE62h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2ADFB second address: B2ADFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AF48 second address: B2AF4E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AF4E second address: B2AF7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0738B194E5h 0x0000000b pushad 0x0000000c jnp 00007F0738B194D6h 0x00000012 jnp 00007F0738B194D6h 0x00000018 push edi 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B2AF7A second address: B2AF93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F0738AFBE60h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B32A19 second address: B32A1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B3335E second address: B33372 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0738AFBE56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F0738AFBE56h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B33372 second address: B33390 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0738B194E6h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B33390 second address: B33394 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B336CA second address: B336D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B33F60 second address: B33F66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B33F66 second address: B33F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B33F6A second address: B33F6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B345EF second address: B34626 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F0738B194E5h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0738B194E7h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B34626 second address: B3462A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B3462A second address: B3463E instructions: 0x00000000 rdtsc 0x00000002 je 00007F0738B194D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F0738B194DCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B386C2 second address: B386CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B386CA second address: B386E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0738B194E0h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37939 second address: B37943 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37943 second address: B3794D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B3794D second address: B3795D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0738AFBE5Bh 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37AA5 second address: B37AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37AA9 second address: B37AC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE63h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37E98 second address: B37E9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37E9E second address: B37EBB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37EBB second address: B37EC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0738B194D6h 0x0000000a pop edi 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B37EC6 second address: B37ED0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0738AFBE5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B400DD second address: B400ED instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0738B194D6h 0x00000008 jp 00007F0738B194D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B400ED second address: B40102 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007F0738AFBE56h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B47D9D second address: B47DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B47DA2 second address: B47DAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F0738AFBE56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B46036 second address: B46075 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0738B194ECh 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0738B194E4h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F0738B194D6h 0x0000001a jmp 00007F0738B194E6h 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B46075 second address: B460A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0738AFBE5Fh 0x0000000e push edi 0x0000000f jg 00007F0738AFBE56h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B463C9 second address: B463CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B463CD second address: B463E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0738AFBE62h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B463E5 second address: B46403 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F0738B194D8h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B46403 second address: B4640A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B4651C second address: B46536 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F0738B194DCh 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F0738B194D6h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B46816 second address: B4681C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B4681C second address: B46820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B46820 second address: B46824 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B4D767 second address: B4D76B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B4D76B second address: B4D783 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0738AFBE56h 0x00000008 jc 00007F0738AFBE56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B4D4A7 second address: B4D4AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B5905D second address: B59070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0738AFBE5Fh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B59070 second address: B5907A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0738B194D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B591D9 second address: B591E1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B591E1 second address: B591E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B591E7 second address: B591F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0738AFBE56h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B5E821 second address: B5E825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B5E825 second address: B5E82C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B6B4E6 second address: B6B4F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jnp 00007F0738B194DCh 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B6EE27 second address: B6EE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B6EE2F second address: B6EE35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B7494D second address: B74957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F0738AFBE56h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B731F7 second address: B731FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B731FB second address: B73203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B7338E second address: B73394 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B73394 second address: B7339A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B7339A second address: B733C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0738B194E0h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007F0738B194DCh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B733C9 second address: B733CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B736B1 second address: B736CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F0738B194E2h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B73828 second address: B73839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0738AFBE5Dh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B73839 second address: B7384D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F0738B194D6h 0x0000000a jmp 00007F0738B194DAh 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B7384D second address: B73851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B74609 second address: B74616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0738B194D6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B74616 second address: B74625 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jno 00007F0738AFBE56h 0x00000009 pop eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B74625 second address: B74630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B74630 second address: B74636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B74636 second address: B7463C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B77B59 second address: B77B64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F0738AFBE56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B77B64 second address: B77B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0738B194E1h 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B77B7E second address: B77B8F instructions: 0x00000000 rdtsc 0x00000002 je 00007F0738AFBE56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B77B8F second address: B77BB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0738B194E2h 0x0000000f jc 00007F0738B194D6h 0x00000015 popad 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B7A5FF second address: B7A603 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B84E68 second address: B84E71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B8D81C second address: B8D84F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F0738AFBE5Dh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jl 00007F0738AFBE6Ch 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F0738AFBE64h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B8D84F second address: B8D857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B8F3E6 second address: B8F3EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B9C20B second address: B9C20F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B9C20F second address: B9C230 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B9DC45 second address: B9DC49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: B9DC49 second address: B9DC63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F0738AFBE56h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BB7A7C second address: BB7A80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BB7BAA second address: BB7BC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0738AFBE60h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BB7BC2 second address: BB7BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0738B194DAh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BB87CA second address: BB87D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F0738AFBE56h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BB87D4 second address: BB87E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F0738B194DEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BB87E2 second address: BB880F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jl 00007F0738AFBE5Eh 0x0000000f jg 00007F0738AFBE56h 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007F0738AFBE63h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BB880F second address: BB883D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F0738B194D6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007F0738B194D6h 0x00000015 jmp 00007F0738B194E9h 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BBCADF second address: BBCAE9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0738AFBE5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: BBCD4C second address: BBCD52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52600FA second address: 52600FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52600FF second address: 5260110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movzx ecx, dx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260110 second address: 5260114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260114 second address: 5260118 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260118 second address: 526011E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 526011E second address: 526012D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0738B194DBh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 526012D second address: 526014A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0738AFBE60h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240E67 second address: 5240E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240E6B second address: 5240E71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240E71 second address: 5240F22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, B0h 0x00000005 pushfd 0x00000006 jmp 00007F0738B194E7h 0x0000000b sub ecx, 1BE1F5FEh 0x00000011 jmp 00007F0738B194E9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F0738B194E7h 0x00000022 sbb esi, 0AE8480Eh 0x00000028 jmp 00007F0738B194E9h 0x0000002d popfd 0x0000002e mov dh, al 0x00000030 popad 0x00000031 xchg eax, ebp 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 pushfd 0x00000036 jmp 00007F0738B194DFh 0x0000003b sbb eax, 4603861Eh 0x00000041 jmp 00007F0738B194E9h 0x00000046 popfd 0x00000047 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240F22 second address: 5240F64 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0738AFBE60h 0x00000008 and ecx, 48A77C18h 0x0000000e jmp 00007F0738AFBE5Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov ecx, 24C937CFh 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F0738AFBE61h 0x00000025 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240F64 second address: 5240F74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0738B194DCh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240F74 second address: 5240F86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c movzx eax, dx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5290067 second address: 52900C1 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a mov esi, ebx 0x0000000c pushfd 0x0000000d jmp 00007F0738B194DFh 0x00000012 or esi, 5744D84Eh 0x00000018 jmp 00007F0738B194E9h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F0738B194E8h 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52900C1 second address: 52900C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52900C7 second address: 52900CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52900CD second address: 5290106 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0738AFBE67h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5290106 second address: 5290152 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx edi, cx 0x00000010 pushfd 0x00000011 jmp 00007F0738B194E4h 0x00000016 sbb ecx, 67C6FE48h 0x0000001c jmp 00007F0738B194DBh 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5220161 second address: 5220167 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5220167 second address: 52201B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0738B194E8h 0x00000009 add ah, FFFFFF98h 0x0000000c jmp 00007F0738B194DBh 0x00000011 popfd 0x00000012 mov edx, esi 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 pushad 0x00000019 mov edx, 7F4F1B86h 0x0000001e mov dl, 6Ah 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 call 00007F0738B194DBh 0x0000002a pop esi 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52201B3 second address: 52201B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52201B8 second address: 52201BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52201BE second address: 522024C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F0738AFBE5Ch 0x00000014 pushfd 0x00000015 jmp 00007F0738AFBE62h 0x0000001a adc ecx, 63D83BB8h 0x00000020 jmp 00007F0738AFBE5Bh 0x00000025 popfd 0x00000026 popad 0x00000027 jmp 00007F0738AFBE68h 0x0000002c popad 0x0000002d push dword ptr [ebp+04h] 0x00000030 jmp 00007F0738AFBE60h 0x00000035 push dword ptr [ebp+0Ch] 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b jmp 00007F0738AFBE5Dh 0x00000040 mov ax, 7CB7h 0x00000044 popad 0x00000045 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5220298 second address: 52202BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0738B194E5h 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240B75 second address: 5240B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240B7B second address: 5240B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 524080F second address: 5240813 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240813 second address: 5240819 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240819 second address: 524088F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0738AFBE5Bh 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 call 00007F0738AFBE64h 0x00000016 pop edi 0x00000017 call 00007F0738AFBE5Eh 0x0000001c jmp 00007F0738AFBE62h 0x00000021 pop ecx 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 jmp 00007F0738AFBE61h 0x0000002a pop ebp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov bh, 71h 0x00000030 mov esi, 61AC774Bh 0x00000035 popad 0x00000036 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 524088F second address: 5240895 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240895 second address: 5240899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240760 second address: 5240766 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240766 second address: 524076C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 524076C second address: 5240770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240770 second address: 5240798 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov cx, dx 0x0000000d movsx edx, ax 0x00000010 popad 0x00000011 mov ebp, esp 0x00000013 jmp 00007F0738AFBE5Eh 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240798 second address: 52407B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52407B5 second address: 52407C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0738AFBE5Ch 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240495 second address: 5240512 instructions: 0x00000000 rdtsc 0x00000002 mov eax, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ax, dx 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F0738B194DCh 0x00000012 and ax, C4F8h 0x00000017 jmp 00007F0738B194DBh 0x0000001c popfd 0x0000001d pushfd 0x0000001e jmp 00007F0738B194E8h 0x00000023 xor esi, 01D21F58h 0x00000029 jmp 00007F0738B194DBh 0x0000002e popfd 0x0000002f popad 0x00000030 xchg eax, ebp 0x00000031 jmp 00007F0738B194E6h 0x00000036 mov ebp, esp 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F0738B194DAh 0x00000041 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240512 second address: 5240518 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240518 second address: 524051E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 524051E second address: 5240522 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280E0F second address: 5280E1D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280E1D second address: 5280E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280E21 second address: 5280E25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280E25 second address: 5280E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280E2B second address: 5280E31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280E31 second address: 5280E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280E35 second address: 5280E95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F0738B194DEh 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F0738B194DEh 0x0000001a and ch, FFFFFFF8h 0x0000001d jmp 00007F0738B194DBh 0x00000022 popfd 0x00000023 push eax 0x00000024 push edx 0x00000025 call 00007F0738B194E6h 0x0000002a pop eax 0x0000002b rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 526045C second address: 5260471 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 0DD5EDFFh 0x00000008 mov cx, 6B1Bh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260471 second address: 52604AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dl, B8h 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push edx 0x0000000a jmp 00007F0738B194DAh 0x0000000f pop esi 0x00000010 mov dh, 67h 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 jmp 00007F0738B194DAh 0x00000019 mov ebp, esp 0x0000001b jmp 00007F0738B194E0h 0x00000020 mov eax, dword ptr [ebp+08h] 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52604AF second address: 52604CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52604CC second address: 5260502 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0738B194E7h 0x00000008 mov bx, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e and dword ptr [eax], 00000000h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0738B194E1h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260502 second address: 526052A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax+04h], 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0738AFBE5Dh 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240666 second address: 524066D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 524066D second address: 524067B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 524067B second address: 524067F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 524067F second address: 5240685 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5240685 second address: 52406FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0738B194DEh 0x00000013 sub ax, 6178h 0x00000018 jmp 00007F0738B194DBh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F0738B194E8h 0x00000024 xor ecx, 4BAFFBD8h 0x0000002a jmp 00007F0738B194DBh 0x0000002f popfd 0x00000030 popad 0x00000031 mov ebp, esp 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F0738B194E5h 0x0000003a rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260019 second address: 5260050 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F0738AFBE5Eh 0x0000000f push eax 0x00000010 jmp 00007F0738AFBE5Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260050 second address: 5260054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260054 second address: 526006F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 526006F second address: 5260075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260075 second address: 5260079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260079 second address: 526007D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 526007D second address: 5260093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0738AFBE5Ah 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5260093 second address: 52600AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 mov dl, 63h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0738B194DBh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 528067A second address: 5280680 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280680 second address: 5280684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280684 second address: 5280688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280688 second address: 52806A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0738B194E5h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52806A8 second address: 52806AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52806AE second address: 52806B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52806B2 second address: 52806FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e jmp 00007F0738AFBE66h 0x00000013 mov ebp, esp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0738AFBE67h 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52806FF second address: 5280728 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edi 0x0000000e pop esi 0x0000000f mov edx, 387DAAFAh 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280728 second address: 528074D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738AFBE60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0738AFBE5Eh 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 528074D second address: 5280772 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0738B194DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0738B194E2h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 5280772 second address: 52807B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ebx, esi 0x00000008 popad 0x00000009 mov eax, dword ptr [774365FCh] 0x0000000e pushad 0x0000000f pushad 0x00000010 mov eax, edi 0x00000012 mov ch, bl 0x00000014 popad 0x00000015 popad 0x00000016 test eax, eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007F0738AFBE62h 0x00000021 xor esi, 6FF0D558h 0x00000027 jmp 00007F0738AFBE5Bh 0x0000002c popfd 0x0000002d rdtsc |
Source: C:\Users\user\Desktop\bUWKfj04aU.exe | RDTSC instruction interceptor: First address: 52807B2 second address: 52807EC instructions: 0x00000000 rdtsc 0x00000002 mov ebx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007F0738B194E4h 0x0000000b movzx esi, di 0x0000000e pop edx 0x0000000f popad 0x00000010 je 00007F07AAC4C66Bh 0x00000016 pushad 0x00000017 mov cx, 0BEFh 0x0000001b mov al, 78h 0x0000001d popad 0x0000001e mov ecx, eax 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 mov eax, 06B6CEDFh 0x00000028 mov cl, 79h 0x0000002a popad 0x0000002b rdtsc |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5480 | Thread sleep count: 113 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5480 | Thread sleep time: -226113s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5020 | Thread sleep count: 119 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5020 | Thread sleep time: -238119s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5048 | Thread sleep count: 122 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5048 | Thread sleep time: -244122s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 6724 | Thread sleep count: 1566 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 6724 | Thread sleep time: -46980000s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 6736 | Thread sleep count: 106 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 6736 | Thread sleep time: -212106s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5036 | Thread sleep count: 99 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5036 | Thread sleep time: -198099s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5064 | Thread sleep count: 115 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5064 | Thread sleep time: -230115s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 2792 | Thread sleep count: 113 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 2792 | Thread sleep time: -226113s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5056 | Thread sleep count: 112 > 30 |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 5056 | Thread sleep time: -224112s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 1056 | Thread sleep time: -1440000s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 6724 | Thread sleep time: -30000s >= -30000s |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5560 | Thread sleep time: -6456360425798339s >= -30000s |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6272 | Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe TID: 5464 | Thread sleep time: -922337203685477s >= -30000s | |
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5960 | Thread sleep count: 245 > 30 | |
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5960 | Thread sleep time: -245000s >= -30000s | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe TID: 1824 | Thread sleep time: -922337203685477s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe TID: 3632 | Thread sleep time: -922337203685477s >= -30000s | |
Source: C:\Windows\System32\svchost.exe TID: 2120 | Thread sleep time: -30000s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3428 | Thread sleep time: -150000s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe TID: 404 | Thread sleep count: 1340 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe TID: 404 | Thread sleep time: -40200000s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe TID: 6968 | Thread sleep time: -180000s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe TID: 404 | Thread sleep time: -30000s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3632 | Thread sleep time: -180000s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7604 | Thread sleep count: 1137 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7604 | Thread sleep time: -2275137s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7596 | Thread sleep count: 1112 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7596 | Thread sleep time: -2225112s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7588 | Thread sleep count: 1119 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7588 | Thread sleep time: -2239119s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7584 | Thread sleep count: 1142 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7584 | Thread sleep time: -2285142s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7592 | Thread sleep count: 1118 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7592 | Thread sleep time: -2237118s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7576 | Thread sleep count: 1153 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7576 | Thread sleep time: -2307153s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\1001084001\random.exe TID: 7492 | Thread sleep count: 330 > 30 | |
Source: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe TID: 7500 | Thread sleep time: -31000s >= -30000s | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7972 | Thread sleep count: 353 > 30 | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2456 | Thread sleep time: -922337203685477s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -22136092888451448s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -600000s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5984 | Thread sleep count: 65 > 30 | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -599453s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -598969s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -598625s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -598266s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -597840s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -597503s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -597191s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -596342s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -595967s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -595561s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -595217s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -594623s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -594123s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -593717s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7916 | Thread sleep time: -1500000s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -593117s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -592367s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -591496s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -590804s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -589711s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -588630s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -584595s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -583277s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -581637s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -580105s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -578479s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -576757s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -574695s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -572735s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -570520s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -566034s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -563979s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -561729s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -559187s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -556505s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -554105s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -549013s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -545765s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -542766s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -539749s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -536749s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -531088s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -527853s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -524644s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -521393s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -517771s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -355523s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -268824s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -267590s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7276 | Thread sleep time: -922337203685477s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -922337203685477s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -600000s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5032 | Thread sleep count: 59 > 30 | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -599243s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -598784s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8092 | Thread sleep time: -1800000s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -598472s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -597920s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -597498s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -597014s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -596592s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -595904s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -595404s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -594998s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -594398s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -593648s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -592777s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -592085s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -590992s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -589911s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -585876s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -584558s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -582918s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -581386s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -579760s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -578038s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -575976s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -574016s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -571801s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -567315s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -565260s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -563010s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -560468s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -557786s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -555386s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -550294s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -547046s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -544047s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -541030s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -538030s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -532369s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -529134s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -525925s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -522674s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -519052s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -343741s >= -30000s | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7280 | Thread sleep time: -922337203685477s >= -30000s | |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001084001\random.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001108001\swiiii.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001142001\DocuWorks.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001152001\DocuWorks.exe VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\GAOBCVIQIJ.xlsx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\IPKGELNTQY.docx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\IPKGELNTQY.xlsx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\LSBIHQFDVT.xlsx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\NEBFQQYWPS.docx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\rundll32.exe | Queries volume information: C:\Users\user\Desktop\SFPUSAFIOL.docx VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\netsh.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation | Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe VolumeInformation | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Users\user\AppData\Roaming\configurationValue\propro.exe VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\propro.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Queries volume information: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe VolumeInformation | |
Source: C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001053001\gold.exe VolumeInformation | |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation | |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation | |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation | |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation | |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\ VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe VolumeInformation | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Queries volume information: C:\ VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe VolumeInformation | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation | |
Source: C:\Users\user\AppData\Local\Temp\1001107001\jok.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation | |