Source: unknown |
TCP traffic detected without corresponding DNS query: 79.134.225.109 |
Source: RegAsm.exe, 0000000E.00000002.577037187.000000001D5C1000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1046908354.000000001DA01000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RegAsm.exe, 00000016.00000002.1046908354.000000001DA01000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: RegAsm.exe, 00000016.00000002.1046908354.000000001DA01000.00000004.00000001.sdmp |
String found in binary or memory: http://aMDPVn.com |
Source: ieinstal.exe, 00000004.00000002.1037038381.0000000000B7C000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1048916980.0000000021250000.00000004.00000001.sdmp |
String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: ieinstal.exe, 00000004.00000003.526285379.0000000000B8E000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1048916980.0000000021250000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.letsencrypt.org0 |
Source: ieinstal.exe, 00000004.00000002.1037038381.0000000000B7C000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1048916980.0000000021250000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: ieinstal.exe, 00000004.00000002.1037038381.0000000000B7C000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1048916980.0000000021250000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: RegAsm.exe, 00000016.00000002.1047356210.000000001DD6D000.00000004.00000001.sdmp |
String found in binary or memory: http://fibertech.ae |
Source: RegAsm.exe, 00000016.00000002.1047356210.000000001DD6D000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.fibertech.ae |
Source: RegAsm.exe, 00000016.00000002.1048916980.0000000021250000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0 |
Source: ieinstal.exe, 00000004.00000003.526285379.0000000000B8E000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.i.lencr.org/05 |
Source: ieinstal.exe, 00000004.00000003.526285379.0000000000B8E000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.o.l |
Source: ieinstal.exe, 00000004.00000003.526285379.0000000000B8E000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1048916980.0000000021250000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: ieinstal.exe, 00000004.00000002.1045640426.000000001E54C000.00000004.00000001.sdmp |
String found in binary or memory: http://www.yandex.comsocks=http= |
Source: RegAsm.exe, 00000016.00000002.1046908354.000000001DA01000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%$ |
Source: RegAsm.exe, 00000016.00000002.1046908354.000000001DA01000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: ieinstal.exe, 00000004.00000002.1036948717.0000000000B4D000.00000004.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/ |
Source: ieinstal.exe, 00000004.00000002.1036948717.0000000000B4D000.00000004.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/= |
Source: RegAsm.exe |
String found in binary or memory: https://mariotessarollo.com/or/ag.bin |
Source: RegAsm.exe, 0000000E.00000002.571849664.0000000000941000.00000040.00000001.sdmp, RegAsm.exe, 00000016.00000002.1036340354.0000000000F01000.00000040.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/or/ag.binhttps://www.sogecoenergy.com/or/ag.bin |
Source: ieinstal.exe |
String found in binary or memory: https://mariotessarollo.com/ot/ot.bin |
Source: ieinstal.exe, 00000004.00000002.1036948717.0000000000B4D000.00000004.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/ot/ot.binU |
Source: ieinstal.exe, 00000004.00000002.1036948717.0000000000B4D000.00000004.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/ot/ot.binb |
Source: ieinstal.exe, 00000004.00000003.526336094.0000000000B42000.00000004.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/ot/ot.binen |
Source: ieinstal.exe, 00000004.00000002.1034924177.0000000000871000.00000040.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/ot/ot.binhttps://www.sogecoenergy.com/ot/ot.bin |
Source: ieinstal.exe, 00000004.00000002.1036948717.0000000000B4D000.00000004.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/ot/ot.bini |
Source: ieinstal.exe, 00000004.00000002.1036948717.0000000000B4D000.00000004.00000001.sdmp |
String found in binary or memory: https://mariotessarollo.com/ows |
Source: RegAsm.exe, 00000016.00000002.1047417899.000000001DD90000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1047431438.000000001DD98000.00000004.00000001.sdmp |
String found in binary or memory: https://u28IS26ZRk5fJwhXK.org |
Source: RegAsm.exe |
String found in binary or memory: https://www.sogecoenergy.com/or/ag.bin |
Source: ieinstal.exe |
String found in binary or memory: https://www.sogecoenergy.com/ot/ot.bin |
Source: ieinstal.exe |
String found in binary or memory: https://www.sogecoenergy.com/ota.bin |
Source: RegAsm.exe, 0000000E.00000002.577037187.000000001D5C1000.00000004.00000001.sdmp, RegAsm.exe, 00000016.00000002.1046908354.000000001DA01000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872AB2 Sleep,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory,LoadLibraryA, |
4_2_00872AB2 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00875ADF LdrInitializeThunk,NtProtectVirtualMemory,LdrInitializeThunk, |
4_2_00875ADF |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871EEC TerminateThread,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871EEC |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872BC0 Sleep,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872BC0 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872BDA LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872BDA |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871F4B LdrInitializeThunk,RtlAddVectoredExceptionHandler,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871F4B |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872CB4 LdrInitializeThunk,NtProtectVirtualMemory,LdrInitializeThunk, |
4_2_00872CB4 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872CCC LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872CCC |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872003 LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872003 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872C13 LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872C13 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872C33 LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872C33 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872C60 LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872C60 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872C7B LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872C7B |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871D96 TerminateThread,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871D96 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872D04 NtProtectVirtualMemory,LdrInitializeThunk, |
4_2_00872D04 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00875A8C LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00875A8C |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00875A92 LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00875A92 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871E9B TerminateThread,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871E9B |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872BA4 Sleep,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872BA4 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871FA2 LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871FA2 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872BBC LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872BBC |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871FD3 LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871FD3 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871F07 TerminateThread,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871F07 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871F2E TerminateThread,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871F2E |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872B54 LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872B54 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00872B58 Sleep,LdrInitializeThunk,Sleep,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00872B58 |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00871F7C TerminateThread,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory,LdrInitializeThunk,NtProtectVirtualMemory, |
4_2_00871F7C |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_0232070C NtSetInformationThread, |
12_2_0232070C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_009460AF NtProtectVirtualMemory, |
14_2_009460AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00946032 NtProtectVirtualMemory, |
14_2_00946032 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00946048 NtProtectVirtualMemory, |
14_2_00946048 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_0094646B NtProtectVirtualMemory, |
14_2_0094646B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00945DFF NtProtectVirtualMemory, |
14_2_00945DFF |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 19_2_0211070C NtSetInformationThread, |
19_2_0211070C |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D070C NtSetInformationThread, |
20_2_020D070C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F060AF NtProtectVirtualMemory, |
22_2_00F060AF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F0646B NtProtectVirtualMemory, |
22_2_00F0646B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F06048 NtProtectVirtualMemory, |
22_2_00F06048 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F06032 NtProtectVirtualMemory, |
22_2_00F06032 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F05DFF NtProtectVirtualMemory, |
22_2_00F05DFF |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_02322412 push 95CFAB99h; iretd |
12_2_023225E2 |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_0232409F push edx; ret |
12_2_023240A0 |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_02322CD8 push ecx; ret |
12_2_02322CD9 |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_023214C0 push ecx; ret |
12_2_023214C1 |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_0232056C push eax; ret |
12_2_0232056D |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_02323392 push ss; ret |
12_2_023233B5 |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_023215E4 push ecx; ret |
12_2_023215E5 |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Code function: 12_2_023203EC push eax; ret |
12_2_023203ED |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_009440B1 push ecx; ret |
14_2_00944080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_0094403E push ecx; ret |
14_2_00944080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00943F87 push ds; retf |
14_2_00943F9F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_1D40C550 push ds; ret |
14_2_1D40C583 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 19_2_0211409F push edx; ret |
19_2_021140A0 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 19_2_02112CD8 push ecx; ret |
19_2_02112CD9 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 19_2_021114C0 push ecx; ret |
19_2_021114C1 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 19_2_02113392 push ss; ret |
19_2_021133B5 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 19_2_021115A3 push ecx; ret |
19_2_021115E5 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 19_2_021115E6 push ecx; ret |
19_2_021115E5 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D3E34 push eax; ret |
20_2_020D3E35 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D3C64 push ebx; ret |
20_2_020D3C65 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D409E push edx; ret |
20_2_020D40A0 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D14C0 push ecx; ret |
20_2_020D14C1 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D2CD8 push ecx; ret |
20_2_020D2CD9 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D1D4F pushfd ; ret |
20_2_020D1D59 |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D056C push eax; ret |
20_2_020D056D |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D03EC push eax; ret |
20_2_020D03ED |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Code function: 20_2_020D15E4 push ecx; ret |
20_2_020D15E5 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_3_00E70801 pushfd ; ret |
22_3_00E70802 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F040B1 push ecx; ret |
22_2_00F04080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F0403E push ecx; ret |
22_2_00F04080 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F03F87 push ds; retf |
22_2_00F03F9F |
Source: C:\Windows\System32\msiexec.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Installer\MSI7397.tmp |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Installer\MSI7397.tmp |
RDTSC instruction interceptor: First address: 000000000058124D second address: 000000000058124D instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FD8F0B18438h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d test ebx, ecx 0x0000001f pop ecx 0x00000020 test ah, dh 0x00000022 add edi, edx 0x00000024 dec ecx 0x00000025 jmp 00007FD8F0B18442h 0x00000027 cmp dl, dl 0x00000029 cmp ecx, 00000000h 0x0000002c jne 00007FD8F0B18409h 0x0000002e cmp ecx, ebx 0x00000030 push ecx 0x00000031 call 00007FD8F0B18475h 0x00000036 call 00007FD8F0B18448h 0x0000003b lfence 0x0000003e mov edx, dword ptr [7FFE0014h] 0x00000044 lfence 0x00000047 ret 0x00000048 mov esi, edx 0x0000004a pushad 0x0000004b rdtsc |
Source: C:\Windows\Installer\MSI7397.tmp |
RDTSC instruction interceptor: First address: 00000000005805B3 second address: 00000000005805B3 instructions: |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
RDTSC instruction interceptor: First address: 0000000000871545 second address: 0000000000871545 instructions: |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
RDTSC instruction interceptor: First address: 0000000002322D2B second address: 0000000002322D2B instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FD8F0B430B8h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e jmp 00007FD8F0B430C2h 0x00000020 cmp ax, bx 0x00000023 cmp eax, ebx 0x00000025 add edi, edx 0x00000027 dec ecx 0x00000028 cmp ecx, 00000000h 0x0000002b jne 00007FD8F0B43086h 0x0000002d push ecx 0x0000002e cmp ax, 00004A60h 0x00000032 cmp al, cl 0x00000034 call 00007FD8F0B430FAh 0x00000039 call 00007FD8F0B430C8h 0x0000003e lfence 0x00000041 mov edx, dword ptr [7FFE0014h] 0x00000047 lfence 0x0000004a ret 0x0000004b mov esi, edx 0x0000004d pushad 0x0000004e rdtsc |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
RDTSC instruction interceptor: First address: 0000000002322338 second address: 0000000002322338 instructions: |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
RDTSC instruction interceptor: First address: 00000000023225E9 second address: 00000000023225E9 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000000941765 second address: 0000000000941765 instructions: |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 0000000002112D2B second address: 0000000002112D2B instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FD8F0B430B8h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e jmp 00007FD8F0B430C2h 0x00000020 cmp ax, bx 0x00000023 cmp eax, ebx 0x00000025 add edi, edx 0x00000027 dec ecx 0x00000028 cmp ecx, 00000000h 0x0000002b jne 00007FD8F0B43086h 0x0000002d push ecx 0x0000002e cmp ax, 00004A60h 0x00000032 cmp al, cl 0x00000034 call 00007FD8F0B430FAh 0x00000039 call 00007FD8F0B430C8h 0x0000003e lfence 0x00000041 mov edx, dword ptr [7FFE0014h] 0x00000047 lfence 0x0000004a ret 0x0000004b mov esi, edx 0x0000004d pushad 0x0000004e rdtsc |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 0000000002112338 second address: 0000000002112338 instructions: |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 00000000021125E9 second address: 00000000021125E9 instructions: |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 00000000020D2D2B second address: 00000000020D2D2B instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007FD8F0B43208h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d pop ecx 0x0000001e jmp 00007FD8F0B43212h 0x00000020 cmp ax, bx 0x00000023 cmp eax, ebx 0x00000025 add edi, edx 0x00000027 dec ecx 0x00000028 cmp ecx, 00000000h 0x0000002b jne 00007FD8F0B431D6h 0x0000002d push ecx 0x0000002e cmp ax, 00004A60h 0x00000032 cmp al, cl 0x00000034 call 00007FD8F0B4324Ah 0x00000039 call 00007FD8F0B43218h 0x0000003e lfence 0x00000041 mov edx, dword ptr [7FFE0014h] 0x00000047 lfence 0x0000004a ret 0x0000004b mov esi, edx 0x0000004d pushad 0x0000004e rdtsc |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 00000000020D2338 second address: 00000000020D2338 instructions: |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 00000000020D25E9 second address: 00000000020D25E9 instructions: |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000000F01765 second address: 0000000000F01765 instructions: |
Source: C:\Windows\Installer\MSI7397.tmp |
RDTSC instruction interceptor: First address: 00000000005813D8 second address: 00000000005813D8 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FD8F0B470D7h 0x0000001d popad 0x0000001e call 00007FD8F0B430BDh 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
RDTSC instruction interceptor: First address: 00000000008713D8 second address: 00000000008713D8 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FD8F0B470D7h 0x0000001d popad 0x0000001e call 00007FD8F0B430BDh 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\user\AppData\Local\Temp\ota.exe |
RDTSC instruction interceptor: First address: 0000000002322F18 second address: 0000000002322F18 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FD8F0B458E3h 0x0000001d popad 0x0000001e call 00007FD8F0B43259h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000000942F18 second address: 0000000000942F18 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FD8F0B45793h 0x0000001d popad 0x0000001e call 00007FD8F0B43109h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 0000000002112F18 second address: 0000000002112F18 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FD8F0B458E3h 0x0000001d popad 0x0000001e call 00007FD8F0B43259h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
RDTSC instruction interceptor: First address: 0000000000F02F18 second address: 0000000000F02F18 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FD8F0B45793h 0x0000001d popad 0x0000001e call 00007FD8F0B43109h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Users\user\Afkodedes8\asparagussens.exe |
RDTSC instruction interceptor: First address: 00000000020D2F18 second address: 00000000020D2F18 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007FD8F0B45793h 0x0000001d popad 0x0000001e call 00007FD8F0B43109h 0x00000023 lfence 0x00000026 rdtsc |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_008729D9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00874658 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00874668 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00874707 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00874F70 mov eax, dword ptr fs:[00000030h] |
Source: C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Code function: 4_2_00874F79 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_009450B5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_009448DC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00945BCB mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 14_2_00945B66 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F048DC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F050B5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F05BCB mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 22_2_00F05B66 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 26_2_00B050B5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 26_2_00B048E7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 26_2_00B048DC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 26_2_00B01DA6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 26_2_00B01DC0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 26_2_00B02BB2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Code function: 26_2_00B05BCB mov eax, dword ptr fs:[00000030h] |