Source: MPGPH131.exe, 00000014.00000003.2342118247.00000000079E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fa |
Source: RegAsm.exe, 00000032.00000002.2781271801.0000000001556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://affordcharmcropwo.shop/api |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.0000000001440000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/ |
Source: MPGPH131.exe, 00000013.00000002.2500776200.0000000001730000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/2 |
Source: 2531414c80.exe, 00000008.00000002.2511321549.0000000001538000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/2Oh |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?;# |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=89.187.171.132 |
Source: 2531414c80.exe, 00000008.00000002.2511321549.0000000001538000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=89.187.171.132J |
Source: 2531414c80.exe, 00000018.00000002.2404856512.0000000001440000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=89.187.171.132icroso/ |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=89.187.171.132mp |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/e |
Source: 2531414c80.exe, 00000008.00000002.2511321549.0000000001538000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.00000000013DC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=89.187.171.132 |
Source: MPGPH131.exe, 00000013.00000002.2500776200.000000000177F000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=89.187.171.132P |
Source: svchost.exe, 00000006.00000002.3344029385.000002AF2AD21000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://download.iolo.net/ |
Source: svchost.exe, 00000006.00000002.3273860235.000002AF25D02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3343648641.000002AF2AD0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3326650125.000002AF2AC8D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3254546774.000002AF25441000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe |
Source: svchost.exe, 00000006.00000002.3343648641.000002AF2AD0A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe.ex |
Source: svchost.exe, 00000006.00000002.3273860235.000002AF25D02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.3186101827.000002AF2A99E000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3253727463.000000FAF9EFB000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3292092512.000002AF26240000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3344315396.000002AF2AF60000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.3099631479.000002AF2A995000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3326170838.000002AF2AAF0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe7C: |
Source: svchost.exe, 00000006.00000002.3326650125.000002AF2AC8D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://download.iolo.net:443/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.ex |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: svchost.exe, 00000006.00000003.2089816565.000002AF2AA03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/Prod/C: |
Source: svchost.exe, 00000006.00000003.2089816565.000002AF2A990000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
Source: RageMP131.exe, 0000001F.00000002.2450136740.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/ |
Source: RageMP131.exe, 0000001F.00000002.2450136740.000000000146E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/FW |
Source: 2531414c80.exe, 00000008.00000002.2511321549.0000000001529000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000002.2500776200.0000000001730000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.0000000001440000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001F.00000002.2450136740.00000000014F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/Mozilla/5.0 |
Source: MPGPH131.exe, 00000013.00000002.2500776200.000000000169D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/T |
Source: MPGPH131.exe, 00000013.00000002.2500776200.00000000016DD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/W |
Source: 2531414c80.exe, 00000008.00000002.2507039187.0000000000771000.00000040.00000001.01000000.0000000C.sdmp, MPGPH131.exe, 00000013.00000002.2497729169.0000000000EE1000.00000040.00000001.01000000.0000000D.sdmp, MPGPH131.exe, 00000013.00000003.2207330993.0000000005310000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2531568064.0000000000EE1000.00000040.00000001.01000000.0000000D.sdmp, MPGPH131.exe, 00000014.00000003.2208478745.0000000004D20000.00000004.00001000.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000003.2274624155.0000000005080000.00000004.00001000.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2403293492.0000000000771000.00000040.00000001.01000000.0000000C.sdmp, RageMP131.exe, 0000001F.00000002.2448073874.0000000000D51000.00000040.00000001.01000000.00000010.sdmp, RageMP131.exe, 0000001F.00000003.2369468000.0000000005000000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll |
Source: 2531414c80.exe, 00000008.00000002.2511321549.00000000014DF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/t |
Source: 2531414c80.exe, 00000008.00000002.2511321549.000000000150F000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000002.2511321549.0000000001529000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000002.2500776200.000000000170A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000AAD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.0000000001440000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001F.00000002.2450136740.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001F.00000002.2450136740.00000000014AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/89.187.171.132 |
Source: MPGPH131.exe, 00000013.00000002.2500776200.0000000001728000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/89.187.171.1326 |
Source: 2531414c80.exe, 00000008.00000002.2511321549.000000000150F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/89.187.171.132v |
Source: RageMP131.exe, 0000001F.00000002.2450136740.00000000014AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/89.187.171.132yB |
Source: MPGPH131.exe, 00000014.00000002.2529795385.0000000000A9C000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.00000000013DC000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001F.00000002.2450136740.00000000014F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io:443/widget/demo/89.187.171.132 |
Source: 2531414c80.exe, 00000008.00000002.2511321549.0000000001529000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io:443/widget/demo/89.187.171.132S |
Source: MPGPH131.exe, 00000013.00000002.2500776200.0000000001728000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io:443/widget/demo/89.187.171.132r |
Source: svchost.exe, 0000001E.00000002.3325008437.000001EFCEC13000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com |
Source: svchost.exe, 0000001E.00000002.3325518723.000001EFCECA3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3325406363.000001EFCEC71000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ApproveSession.srf |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269246589.000001EFCDC2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269246589.000001EFCDC2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3308028724.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2477482746.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601 |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502 |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE52C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601 |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ListSessions.srf |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ManageApprover.srf |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ManageLoginKeys.srf |
Source: svchost.exe, 0000001E.00000003.2474491603.000001EFCEE0A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/RST2.srf |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/didtou.srf |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/didtou.srfce |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/getrealminfo.srf |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/getuserrealm.srf |
Source: svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsec |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354605983.000001EFCE510000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf |
Source: svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srfr |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE52C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600 |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600UE |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269246589.000001EFCDC2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604 |
Source: svchost.exe, 0000001E.00000003.2356389509.000001EFCE56B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2469731618.000001EFCE56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2452907046.000001EFCE56E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf |
Source: svchost.exe, 0000001E.00000003.2452907046.000001EFCE56E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfe |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE52C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm |
Source: svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502 |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502R |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3308028724.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2477482746.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601 |
Source: svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=806013 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603 |
Source: svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3308028724.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2477482746.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3308028724.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2477482746.000001EFCDD02000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355752534.000001EFCE557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269246589.000001EFCDC2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE52C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354695879.000001EFCE55A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp8 |
Source: svchost.exe, 0000001E.00000003.2354397715.000001EFCE529000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2357505019.000001EFCE556000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605 |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf |
Source: svchost.exe, 0000001E.00000002.3325008437.000001EFCEC13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf |
Source: svchost.exe, 0000001E.00000003.2354605983.000001EFCE510000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf |
Source: svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf |
Source: svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srfLive |
Source: svchost.exe, 0000001E.00000002.3269246589.000001EFCDC2B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/ppsecure/li |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/resetpw.srf |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/retention.srf |
Source: svchost.exe, 0000001E.00000002.3308028724.000001EFCDCE1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3325406363.000001EFCEC71000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com:443/RST2.srf |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3271307179.000001EFCDC5F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/MSARST2.srf |
Source: svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf( |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf |
Source: svchost.exe, 0000001E.00000003.2354605983.000001EFCE510000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf:CLSID |
Source: svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf |
Source: svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srfL |
Source: svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf |
Source: svchost.exe, 0000001E.00000003.2356241086.000001EFCE563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf |
Source: svchost.exe, 0000001E.00000003.2354605983.000001EFCE510000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srft |
Source: svchost.exe, 0000001E.00000003.2354605983.000001EFCE510000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf |
Source: svchost.exe, 0000001E.00000003.2354605983.000001EFCE510000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfRE |
Source: svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srfr |
Source: svchost.exe, 0000001E.00000002.3290683644.000001EFCDC9C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://pcss.dll |
Source: svchost.exe, 0000001E.00000003.2355633243.000001EFCE53B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354397715.000001EFCE52C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2356061920.000001EFCE540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000002.3269339148.000001EFCDC45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2354868828.000001EFCE555000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001E.00000003.2355581057.000001EFCE54D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://signup.live.com/signup.aspx |
Source: MPGPH131.exe, 00000014.00000003.2351242676.00000000079D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: MPGPH131.exe, 00000014.00000003.2351242676.00000000079D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: 2531414c80.exe, 00000008.00000002.2511321549.0000000001538000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.( |
Source: 2531414c80.exe, 00000008.00000002.2516925001.0000000007BDD000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000002.2511321549.000000000149E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000002.2500776200.000000000169D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2363329164.0000000007A11000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2539684694.0000000007A11000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2362400081.0000000007A11000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2539684694.00000000079D0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2361500183.0000000007A11000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000001F.00000002.2450136740.000000000146E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORT |
Source: MPGPH131.exe, 00000013.00000002.2500776200.000000000169D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTqUTv |
Source: MPGPH131.exe, 00000014.00000003.2363329164.0000000007A11000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2539684694.0000000007A11000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2362400081.0000000007A11000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2361500183.0000000007A11000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORTv= |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_bot |
Source: 2531414c80.exe, 00000008.00000002.2511321549.0000000001538000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_bot1.132 |
Source: MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_bot: |
Source: MPGPH131.exe, 00000013.00000002.2500776200.0000000001730000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botH |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botftW |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botisepro_bot |
Source: MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botisepro_botU |
Source: MPGPH131.exe, 00000013.00000002.2500776200.0000000001730000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botn |
Source: MPGPH131.exe, 00000013.00000002.2500776200.0000000001730000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000018.00000002.2404856512.0000000001440000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botrisepro |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botriseproU |
Source: RageMP131.exe, 0000001F.00000002.2450136740.0000000001515000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.tIpo |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: 2531414c80.exe, 00000008.00000003.2242125637.0000000007CFA000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2239114261.0000000007C55000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2249859344.0000000007C5F000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304428591.0000000007EF9000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306217637.0000000007F21000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2347869504.0000000008820000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2298437366.0000000007A30000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2293320807.0000000007AAA000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2344760612.0000000007A30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: 2531414c80.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address |
Source: MPGPH131.exe, 00000014.00000003.2351242676.00000000079D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc |
Source: MPGPH131.exe, 00000014.00000003.2351242676.00000000079D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6 |
Source: 2531414c80.exe, 00000008.00000002.2516925001.0000000007BD8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2300158551.0000000007E49000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2324847238.0000000007E46000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000002.2506556496.0000000007E40000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306724573.0000000007E46000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2301470542.0000000007E49000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2299159768.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304704157.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2300712531.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2322536020.0000000007E46000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2305456630.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2530843183.0000000000B62000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2365629446.0000000000B62000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ |
Source: MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/FX |
Source: 2531414c80.exe, 00000008.00000003.2246698815.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2263027375.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2250377410.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242976435.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2237987811.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2250022722.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2236789799.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2262315779.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2252002938.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2248838364.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242573192.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2251127325.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000002.2516925001.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2259361642.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2253196095.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2245014329.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2259948255.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2258255190.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2243359336.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2257231941.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242286156.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: MPGPH131.exe, 00000014.00000003.2351242676.00000000079D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: 2531414c80.exe, 00000008.00000003.2246698815.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2263027375.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2250377410.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242976435.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2237987811.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2250022722.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2236789799.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2262315779.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2252002938.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2248838364.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242573192.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2251127325.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000002.2516925001.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2259361642.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2253196095.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2245014329.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2259948255.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2258255190.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2243359336.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2257231941.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242286156.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg |
Source: 2531414c80.exe, 00000008.00000002.2516925001.0000000007BD8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2300158551.0000000007E49000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2324847238.0000000007E46000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000002.2506556496.0000000007E40000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2306724573.0000000007E46000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2301470542.0000000007E49000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2299159768.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2304704157.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2300712531.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2322536020.0000000007E46000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000013.00000003.2305456630.0000000007E44000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2530843183.0000000000B62000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2365629446.0000000000B62000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/ |
Source: 2531414c80.exe, 00000008.00000002.2516925001.0000000007BD8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/_1 |
Source: 2531414c80.exe, 00000008.00000002.2516925001.0000000007BD8000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000002.2530843183.0000000000B62000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2365629446.0000000000B62000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/ata |
Source: 2531414c80.exe, 00000008.00000003.2246698815.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2263027375.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2250377410.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242976435.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2237987811.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2250022722.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2236789799.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2262315779.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2252002938.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2248838364.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242573192.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2251127325.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000002.2516925001.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2259361642.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2253196095.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2245014329.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2259948255.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2258255190.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2243359336.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 
00000008.00000003.2257231941.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp, 2531414c80.exe, 00000008.00000003.2242286156.0000000007C3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: MPGPH131.exe, 00000014.00000002.2529795385.0000000000B01000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/r |
Source: b3168c3d9b.exe, 0000000F.00000002.2498371280.0000000003F5A000.00000004.00000020.00020000.00000000.sdmp, b3168c3d9b.exe, 0000000F.00000003.2488602462.0000000003F64000.00000004.00000020.00020000.00000000.sdmp, b3168c3d9b.exe, 0000000F.00000003.2492388851.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, b3168c3d9b.exe, 0000000F.00000003.2446883487.0000000003E8F000.00000004.00000020.00020000.00000000.sdmp, b3168c3d9b.exe, 0000000F.00000003.2447086415.0000000003EBD000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000014.00000003.2342118247.00000000079E7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/account |
Source: b3168c3d9b.exe, 0000000F.00000003.2491026647.0000000003F53000.00000004.00000020.00020000.00000000.sdmp, b3168c3d9b.exe, 0000000F.00000002.2498371280.0000000003F5A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/accountJ_ |
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe" | |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe "C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe" | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe "C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe "C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST | |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST | |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe "C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe" | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account | |
Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe | |
Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,1160871462993257416,2185165771260797926,262144 /prefetch:8 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe "C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe" | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe "C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe" | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\1000012001\amert.exe "C:\Users\user\AppData\Local\Temp\1000012001\amert.exe" | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 7556 -ip 7556 | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 2036 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc | |
Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6188 -ip 6188 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2584 -ip 2584 | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 2040 | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 79380 | |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe "C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1960,i,5587240117108389418,17388237419523249848,262144 /prefetch:8 | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe "C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe" | |
Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | |
Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | |
Source: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | Process created: C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe "C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe" | |
Source: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main | |
Source: C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main | |
Source: C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 12156 -ip 12156 | |
Source: C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 12156 -s 844 | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles | |
Source: C:\Windows\System32\netsh.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe "C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe" | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe "C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe" | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe "C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe" | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe "C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe" | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process created: C:\Users\user\AppData\Local\Temp\1000012001\amert.exe "C:\Users\user\AppData\Local\Temp\1000012001\amert.exe" | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1940,i,13936497851858077106,7979509008271672704,262144 /prefetch:8 | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=2008,i,1160871462993257416,2185165771260797926,262144 /prefetch:8 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 7556 -ip 7556 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 2036 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6188 -ip 6188 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2584 -ip 2584 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 2040 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 79380 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 12156 -ip 12156 | |
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 12156 -s 844 | |
Source: C:\Windows\System32\svchost.exe | Process created: unknown unknown | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process created: unknown unknown | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1960,i,5587240117108389418,17388237419523249848,262144 /prefetch:8 | |
Source: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | Process created: C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe "C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe" | |
Source: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main | |
Source: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | Process created: unknown unknown | |
Source: C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main | |
Source: C:\Windows\System32\rundll32.exe | Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles | |
Source: C:\Windows\System32\rundll32.exe | Process created: unknown unknown | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process created: unknown unknown | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: mstask.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: dui70.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: duser.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: chartv.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: oleacc.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: atlthunk.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: textinputframework.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: coreuicomponents.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: coremessaging.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntmarta.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: wtsapi32.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: winsta.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: textshaping.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.fileexplorer.common.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: explorerframe.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: appresolver.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: slc.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: sppc.dll | |
Source: C:\Users\user\Desktop\file.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: winhttp.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: winnsi.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: appresolver.dll | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: edputil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: appresolver.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: bcp47langs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: slc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: pcacli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: rstrtmgr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: d3d11.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: d3d10warp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: dxcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: devobj.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: vaultcli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll | |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wsock32.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: version.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: mpr.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: userenv.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: windows.storage.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wldp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: propsys.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: profapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: edputil.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: urlmon.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: iertutil.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: srvcli.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: netutils.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: windows.staterepositoryps.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: wintypes.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: appresolver.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: bcp47langs.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: slc.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: sppc.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: onecorecommonproxystub.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: onecoreuapcommonproxystub.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: pcacli.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Section loaded: sfc_os.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: apphelp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winmm.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dpapi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winmm.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rstrtmgr.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncrypt.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntasn1.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d11.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxgi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: resourcepolicyclient.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: kernel.appcore.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: d3d10warp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: uxtheme.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dxcore.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: sspicli.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winhttp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wininet.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mswsock.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: devobj.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: webio.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: iphlpapi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: winnsi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dnsapi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rasadhlp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: fwpuclnt.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: schannel.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: mskeyprotect.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ncryptsslp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: msasn1.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptsp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: rsaenh.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: cryptbase.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: gpapi.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: vaultcli.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wintypes.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: windows.storage.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: wldp.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: ntmarta.dll | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Section loaded: dpapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: winmm.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: rstrtmgr.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ncrypt.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ntasn1.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: d3d11.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: dxgi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: resourcepolicyclient.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: d3d10warp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: dxcore.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: winhttp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: wininet.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: devobj.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ondemandconnroutehelper.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: webio.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: winnsi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: dnsapi.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: rasadhlp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: schannel.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | Section loaded: gpapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: wersvc.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: windowsperformancerecordercontrol.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: weretw.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: wer.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: faultrep.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbghelp.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: dbgcore.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\5454e6f062\explorta.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000008001\b3168c3d9b.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\4d0ab15804\chrosha.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\AppData\Local\Temp\1000147001\swiiiii.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
Source: C:\Windows\System32\netsh.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX | |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: BAD312 second address: BAD31A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D6ABE6 second address: D6ABEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D6ABEC second address: D6ABF6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1228D24ABCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D6CBB4 second address: D6CC1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F122870CBC6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f mov edi, dword ptr [ebp+122D22A5h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F122870CBC8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 push 00000000h 0x00000033 jne 00007F122870CBD9h 0x00000039 xchg eax, ebx 0x0000003a jnl 00007F122870CBD4h 0x00000040 push eax 0x00000041 push ecx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 pop eax 0x00000046 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D6FC3B second address: D6FC90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24ABDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push ebx 0x0000000d cld 0x0000000e pop edi 0x0000000f add dword ptr [ebp+12462954h], ebx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007F1228D24AB8h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 push 00000000h 0x00000033 jp 00007F1228D24ABCh 0x00000039 xchg eax, esi 0x0000003a pushad 0x0000003b push ebx 0x0000003c push edx 0x0000003d pop edx 0x0000003e pop ebx 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D70D62 second address: D70D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D70D66 second address: D70D86 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F1228D24AB6h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jno 00007F1228D24ABCh 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D72D01 second address: D72D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F122870CBC6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D72D12 second address: D72D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D6FDE7 second address: D6FDF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F122870CBC6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D72D16 second address: D72D20 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1228D24AB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D6FDF1 second address: D6FDF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D72D20 second address: D72D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F1228D24ABFh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D6FDF5 second address: D6FE49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push edi 0x0000000c add ebx, dword ptr [ebp+12462633h] 0x00000012 pop edi 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov ebx, edx 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov edi, dword ptr [ebp+1246281Bh] 0x00000029 mov eax, dword ptr [ebp+122D0F15h] 0x0000002f mov bx, dx 0x00000032 push FFFFFFFFh 0x00000034 cld 0x00000035 sub dword ptr [ebp+12472FF5h], eax 0x0000003b nop 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f push edi 0x00000040 pop edi 0x00000041 jmp 00007F122870CBD2h 0x00000046 popad 0x00000047 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D72D3D second address: D72D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D2B712 second address: D2B724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c jns 00007F122870CBC6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D2B724 second address: D2B742 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D2B742 second address: D2B747 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D75794 second address: D757FD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d pop eax 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F1228D24AB8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 push 00000000h 0x0000002b mov dword ptr [ebp+124621A2h], esi 0x00000031 mov bx, 6A13h 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a call 00007F1228D24AB8h 0x0000003f pop ebx 0x00000040 mov dword ptr [esp+04h], ebx 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc ebx 0x0000004d push ebx 0x0000004e ret 0x0000004f pop ebx 0x00000050 ret 0x00000051 sub dword ptr [ebp+12461FD3h], eax 0x00000057 mov ebx, dword ptr [ebp+122D3951h] 0x0000005d push eax 0x0000005e push ecx 0x0000005f push eax 0x00000060 push edx 0x00000061 push edi 0x00000062 pop edi 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D74A3C second address: D74A42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D74B10 second address: D74B14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D74B14 second address: D74B1E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F122870CBC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7677C second address: D767FC instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1228D24ABCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F1228D24AB8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 push 00000000h 0x00000029 jmp 00007F1228D24AC7h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007F1228D24AB8h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 00000019h 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a mov edi, dword ptr [ebp+122D2887h] 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 jp 00007F1228D24AB6h 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D767FC second address: D76801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D76801 second address: D76806 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D76806 second address: D7681E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F122870CBC6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F122870CBCCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7681E second address: D76822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D75907 second address: D759AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F122870CBC8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 push dword ptr fs:[00000000h] 0x0000002e mov ebx, dword ptr [ebp+122D27A1h] 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b mov dword ptr [ebp+12482885h], esi 0x00000041 mov eax, dword ptr [ebp+122D0029h] 0x00000047 sub dword ptr [ebp+12461FD3h], edx 0x0000004d push FFFFFFFFh 0x0000004f mov ebx, dword ptr [ebp+122D3759h] 0x00000055 call 00007F122870CBD2h 0x0000005a jmp 00007F122870CBD5h 0x0000005f pop ebx 0x00000060 nop 0x00000061 pushad 0x00000062 jl 00007F122870CBC8h 0x00000068 jc 00007F122870CBD0h 0x0000006e jmp 00007F122870CBCAh 0x00000073 popad 0x00000074 push eax 0x00000075 push eax 0x00000076 push edx 0x00000077 push eax 0x00000078 push edx 0x00000079 jnl 00007F122870CBC6h 0x0000007f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D759AD second address: D759B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D759B1 second address: D759B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D776F7 second address: D77786 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F1228D24AB8h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 add dword ptr [ebp+12461326h], ecx 0x00000027 mov ebx, eax 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push eax 0x0000002e call 00007F1228D24AB8h 0x00000033 pop eax 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc eax 0x00000041 push eax 0x00000042 ret 0x00000043 pop eax 0x00000044 ret 0x00000045 mov bx, 46B5h 0x00000049 jmp 00007F1228D24AC6h 0x0000004e push 00000000h 0x00000050 jmp 00007F1228D24AC6h 0x00000055 push eax 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a popad 0x0000005b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D786A3 second address: D786A9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7964F second address: D796B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov bx, dx 0x0000000f push 00000000h 0x00000011 jmp 00007F1228D24AC8h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007F1228D24AB8h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 je 00007F1228D24AB8h 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D796B7 second address: D796D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F122870CBD7h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D796D2 second address: D796EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24ABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F1228D24AB8h 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7A6D9 second address: D7A6DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7C75E second address: D7C762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7F7BE second address: D7F7C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D18D6A second address: D18D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7C899 second address: D7C89F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7B7B8 second address: D7B7BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7C89F second address: D7C941 instructions: 0x00000000 rdtsc 0x00000002 je 00007F122870CBD9h 0x00000008 jmp 00007F122870CBD3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F122870CBC8h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c sub dword ptr [ebp+122DB6BFh], esi 0x00000032 push dword ptr fs:[00000000h] 0x00000039 mov ebx, dword ptr [ebp+12462733h] 0x0000003f mov dword ptr fs:[00000000h], esp 0x00000046 mov dword ptr [ebp+1247A146h], edx 0x0000004c mov eax, dword ptr [ebp+122D0AE1h] 0x00000052 cld 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push eax 0x00000058 call 00007F122870CBC8h 0x0000005d pop eax 0x0000005e mov dword ptr [esp+04h], eax 0x00000062 add dword ptr [esp+04h], 00000014h 0x0000006a inc eax 0x0000006b push eax 0x0000006c ret 0x0000006d pop eax 0x0000006e ret 0x0000006f nop 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007F122870CBD6h 0x00000077 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7B7BC second address: D7B7C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7C941 second address: D7C95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F122870CBD7h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7B7C2 second address: D7B7E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7C95C second address: D7C969 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7D840 second address: D7D844 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D800C8 second address: D800D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jl 00007F122870CBC6h 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7C969 second address: D7C973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7D844 second address: D7D84D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D81E32 second address: D81E3C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1228D24AB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D800D4 second address: D800D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D7C973 second address: D7C979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D81E3C second address: D81E42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D81E42 second address: D81EA2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F1228D24AB8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 jmp 00007F1228D24ABFh 0x0000002a jne 00007F1228D24ABCh 0x00000030 push 00000000h 0x00000032 mov edi, dword ptr [ebp+122D1B08h] 0x00000038 push 00000000h 0x0000003a mov ebx, dword ptr [ebp+122D1A9Fh] 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D830E8 second address: D830EE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D2D17E second address: D2D197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F1228D24AC0h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D8B932 second address: D8B93C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F122870CBD2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D8BC11 second address: D8BC15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95CF7 second address: D95CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95CFB second address: D95D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F1228D24AC5h 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95D18 second address: D95D1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95D1E second address: D95D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95D24 second address: D95D28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95D28 second address: D95D3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F1228D24ABAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95D3F second address: D95D55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F122870CBD2h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95D55 second address: D95D88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F1228D24AC7h 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D949F1 second address: D94A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F122870CBD0h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D9557E second address: D95588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F1228D24AB6h 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95588 second address: D955A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F122870CBD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D955A8 second address: D955AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D95847 second address: D9584D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D9584D second address: D9585B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 ja 00007F1228D24AB6h 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D9585B second address: D9587F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F122870CBD5h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F122870CBCDh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F122870CBC6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC47B9 second address: DC47BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC47BD second address: DC47E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1228D24AC8h 0x0000000b pushad 0x0000000c jne 00007F1228D24AB6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC4EA7 second address: DC4EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC4EAB second address: DC4EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC5165 second address: DC5195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F122870CBC6h 0x0000000a jmp 00007F122870CBD5h 0x0000000f popad 0x00000010 pushad 0x00000011 jnc 00007F122870CBC6h 0x00000017 push eax 0x00000018 pop eax 0x00000019 je 00007F122870CBC6h 0x0000001f popad 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC5195 second address: DC51A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24ABAh 0x00000007 js 00007F1228D24ABCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC56EA second address: DC56F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC56F2 second address: DC56F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC5F7B second address: DC5F84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC5F84 second address: DC5F8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC5F8A second address: DC5F95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC5F95 second address: DC5FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1228D24ABFh 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC627A second address: DC627E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DC627E second address: DC629B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F1228D24AC2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA062 second address: DCA066 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA1D8 second address: DCA1E4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1228D24AB6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA34D second address: DCA353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA353 second address: DCA372 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1228D24AB6h 0x00000008 jmp 00007F1228D24AC1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA372 second address: DCA37C instructions: 0x00000000 rdtsc 0x00000002 js 00007F122870CBC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA4E2 second address: DCA4FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jo 00007F1228D24AB6h 0x0000000c jne 00007F1228D24AB6h 0x00000012 jno 00007F1228D24AB6h 0x00000018 popad 0x00000019 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA7CB second address: DCA7D5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F122870CBC6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCA8FF second address: DCA90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F1228D24AB6h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCF3E0 second address: DCF3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DCF3E4 second address: DCF3EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD6B47 second address: DD6B4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD6B4D second address: DD6B58 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD6B58 second address: DD6B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD6B60 second address: DD6B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007F1228D24AB8h 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD6B71 second address: DD6B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F122870CBC6h 0x0000000a jnl 00007F122870CBC6h 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD4C9A second address: DD4CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD4CA0 second address: DD4CA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD4CA5 second address: DD4CE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F1228D24ABDh 0x0000000f pushad 0x00000010 jmp 00007F1228D24AC6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD4E45 second address: DD4E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD5262 second address: DD526E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD5558 second address: DD5566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F122870CBCAh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD59BC second address: DD59D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1228D24AC1h 0x00000009 pop edx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD59D9 second address: DD59F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F122870CBC6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F122870CBCCh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD59F2 second address: DD59F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD5B56 second address: DD5B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F122870CBCCh 0x0000000c jnc 00007F122870CBC6h 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD5B6F second address: DD5B92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F1228D24AB6h 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DD5B92 second address: DD5B96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DDE15C second address: DDE162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DDE162 second address: DDE188 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F122870CBC6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F122870CBD5h 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D30799 second address: D307A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1228D24ABAh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D307A7 second address: D307B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D307B5 second address: D307CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1228D24AC1h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DDDB37 second address: DDDB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F122870CBD5h 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DDDB50 second address: DDDB56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DDDB56 second address: DDDB70 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F122870CBD2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DDDB70 second address: DDDB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F1228D24AB6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DDDB81 second address: DDDB97 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F122870CBC6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jp 00007F122870CBC6h 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: D1C3EE second address: D1C3FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24ABDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF38B6 second address: DF38EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F122870CBD1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F122870CBC6h 0x00000013 jmp 00007F122870CBD6h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF35E9 second address: DF35ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF35ED second address: DF35F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF35F5 second address: DF3600 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F1228D24AB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF3600 second address: DF3606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF81FB second address: DF8206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1228D24AB6h 0x0000000a pop eax 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF8206 second address: DF820E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF820E second address: DF8222 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F1228D24AC2h 0x0000000c je 00007F1228D24AB6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF8222 second address: DF8248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F122870CC00h 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007F122870CBD6h 0x00000015 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: DF8248 second address: DF824E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E00020 second address: E00029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E02C24 second address: E02C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E02C28 second address: E02C2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0923B second address: E0924B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F1228D24AB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0924B second address: E09255 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F122870CBC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09255 second address: E09269 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1228D24ABFh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09269 second address: E09292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F122870CBCDh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F122870CBCFh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09292 second address: E09296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09296 second address: E092B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F122870CBCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F122870CBCEh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E092B0 second address: E092B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0941B second address: E0941F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0941F second address: E09437 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24ABEh 0x00000007 jc 00007F1228D24AB6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09437 second address: E0943D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0943D second address: E09441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E095E5 second address: E095FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F122870CBC6h 0x00000009 push esi 0x0000000a pop esi 0x0000000b jns 00007F122870CBC6h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E095FF second address: E09621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1228D24AC9h 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09621 second address: E09635 instructions: 0x00000000 rdtsc 0x00000002 js 00007F122870CBC6h 0x00000008 jne 00007F122870CBC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E097D6 second address: E097E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F1228D24AB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E097E5 second address: E097FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F122870CBCDh 0x00000009 popad 0x0000000a jg 00007F122870CBCCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09C6A second address: E09C6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E09DDD second address: E09DFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F122870CBD9h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0FC29 second address: E0FC2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0FC2F second address: E0FC33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0FC33 second address: E0FC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0FC41 second address: E0FC45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0FC45 second address: E0FC61 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jl 00007F1228D24ABEh 0x0000000f pushad 0x00000010 popad 0x00000011 jns 00007F1228D24AB6h 0x00000017 pushad 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0F703 second address: E0F70C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0F70C second address: E0F72C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1228D24AB6h 0x00000008 jmp 00007F1228D24AC6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0F8C1 second address: E0F8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F122870CBC8h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0F8CE second address: E0F8F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jp 00007F1228D24AB6h 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F1228D24AC1h 0x00000012 pop eax 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 je 00007F1228D24AB8h 0x0000001d rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0F8F9 second address: E0F903 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F122870CBCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E0F903 second address: E0F90C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: E2140D second address: E21415 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F02B1 second address: 54F02B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F02B5 second address: 54F02CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F122870CBD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F02CD second address: 54F02D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F02D3 second address: 54F02D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F02D7 second address: 54F034D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F129A752E02h 0x0000000e jmp 00007F1228D24AC9h 0x00000013 mov edx, dword ptr [esi+44h] 0x00000016 pushad 0x00000017 push esi 0x00000018 call 00007F1228D24AC3h 0x0000001d pop eax 0x0000001e pop edi 0x0000001f mov ebx, eax 0x00000021 popad 0x00000022 or edx, dword ptr [ebp+0Ch] 0x00000025 jmp 00007F1228D24AC0h 0x0000002a test edx, 61000000h 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F1228D24AC7h 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54F034D second address: 54F03C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F122870CBD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F129A13AEE4h 0x0000000f jmp 00007F122870CBCEh 0x00000014 test byte ptr [esi+48h], 00000001h 0x00000018 jmp 00007F122870CBD0h 0x0000001d jne 00007F129A13AED5h 0x00000023 jmp 00007F122870CBD0h 0x00000028 test bl, 00000007h 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F122870CBD7h 0x00000032 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E078D second address: 54E07CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1228D24AC1h 0x00000009 sub esi, 188FC996h 0x0000000f jmp 00007F1228D24AC1h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F1228D24ABDh 0x00000020 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E07CD second address: 54E07D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E07D2 second address: 54E080D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, di 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F1228D24AC6h 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F1228D24AC7h 0x00000018 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E080D second address: 54E0845 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F122870CBD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F122870CBD3h 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0845 second address: 54E084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E084A second address: 54E08DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F122870CBD4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F122870CBCEh 0x00000013 or ecx, 68A58268h 0x00000019 jmp 00007F122870CBCBh 0x0000001e popfd 0x0000001f movzx ecx, bx 0x00000022 popad 0x00000023 push edx 0x00000024 pushad 0x00000025 jmp 00007F122870CBCEh 0x0000002a mov esi, 45333961h 0x0000002f popad 0x00000030 mov dword ptr [esp], ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 pushfd 0x00000037 jmp 00007F122870CBD9h 0x0000003c add eax, 3AA165E6h 0x00000042 jmp 00007F122870CBD1h 0x00000047 popfd 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E08DB second address: 54E08E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E08E0 second address: 54E08EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F122870CBCAh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E08EE second address: 54E093D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov edi, ecx 0x0000000c pushfd 0x0000000d jmp 00007F1228D24AC6h 0x00000012 add si, EBE8h 0x00000017 jmp 00007F1228D24ABBh 0x0000001c popfd 0x0000001d popad 0x0000001e mov dword ptr [esp], esi 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F1228D24AC5h 0x00000028 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E093D second address: 54E094D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F122870CBCCh 0x00000009 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E094D second address: 54E0951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0951 second address: 54E0968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F122870CBCAh 0x00000012 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0968 second address: 54E097E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24ABBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E097E second address: 54E0982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0982 second address: 54E0A31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushfd 0x00000008 jmp 00007F1228D24ABAh 0x0000000d and ecx, 768DB308h 0x00000013 jmp 00007F1228D24ABBh 0x00000018 popfd 0x00000019 pop esi 0x0000001a popad 0x0000001b test esi, esi 0x0000001d jmp 00007F1228D24ABFh 0x00000022 je 00007F129A75A48Bh 0x00000028 jmp 00007F1228D24AC6h 0x0000002d cmp dword ptr [esi+08h], DDEEDDEEh 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007F1228D24ABEh 0x0000003b adc ax, A7C8h 0x00000040 jmp 00007F1228D24ABBh 0x00000045 popfd 0x00000046 call 00007F1228D24AC8h 0x0000004b jmp 00007F1228D24AC2h 0x00000050 pop ecx 0x00000051 popad 0x00000052 mov ecx, esi 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A31 second address: 54E0A35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A35 second address: 54E0A39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A39 second address: 54E0A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A3F second address: 54E0A45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A45 second address: 54E0A49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A49 second address: 54E0A5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F129A75A408h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A5C second address: 54E0A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, ecx 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0A63 second address: 54E0ABC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test byte ptr [76FA6968h], 00000002h 0x00000010 pushad 0x00000011 mov edx, esi 0x00000013 mov edi, eax 0x00000015 popad 0x00000016 jne 00007F129A75A3E1h 0x0000001c pushad 0x0000001d mov ah, 25h 0x0000001f mov ax, bx 0x00000022 popad 0x00000023 mov edx, dword ptr [ebp+0Ch] 0x00000026 pushad 0x00000027 mov ax, bx 0x0000002a mov esi, edi 0x0000002c popad 0x0000002d push ebx 0x0000002e jmp 00007F1228D24AC0h 0x00000033 mov dword ptr [esp], ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0ABC second address: 54E0AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 54E0AC0 second address: 54E0ADD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1228D24AC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.json | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\signons.sqlite | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\logins.json | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | |
Source: C:\Users\user\AppData\Local\Temp\1000009001\2531414c80.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\signons.sqlite | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | |
Source: C:\Windows\System32\rundll32.exe | File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini | |
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT | |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | |