Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233A014 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233A23E NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233A307 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233A07C NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233A19C NtAllocateVirtualMemory, |
Source: June-July_Commission_List_Summary-2021.exe, 00000001.00000000.219924452.0000000000473000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameWivrejaygeesca9.exe vs June-July_Commission_List_Summary-2021.exe |
Source: June-July_Commission_List_Summary-2021.exe, 00000001.00000002.1304125341.0000000002250000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs June-July_Commission_List_Summary-2021.exe |
Source: June-July_Commission_List_Summary-2021.exe | Binary or memory string: OriginalFilenameWivrejaygeesca9.exe vs June-July_Commission_List_Summary-2021.exe |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_00404923 push ds; ret |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0040659A push esp; retf |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0040569B push ebp; retf |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_00408B7B push ebx; iretd |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_00406F8F push ebp; retf |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233AE57 pushad ; retf |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233AE82 pushad ; retf |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_023310DE push FA63AFCBh; retf |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | RDTSC instruction interceptor: First address: 000000000233E4B4 second address: 000000000233E4B4 instructions: |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | RDTSC instruction interceptor: First address: 000000000233DC02 second address: 000000000233DDA2 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov esi, dword ptr [ebp+00000223h] 0x00000011 mov dword ptr [ebp+0000021Bh], eax 0x00000017 mov eax, esi 0x00000019 push eax 0x0000001a cmp dl, cl 0x0000001c mov eax, dword ptr [ebp+0000021Bh] 0x00000022 mov dword ptr [ebp+0000019Ch], ebx 0x00000028 test dx, F826h 0x0000002d mov ebx, edx 0x0000002f test bx, 655Ch 0x00000034 push ebx 0x00000035 mov ebx, dword ptr [ebp+0000019Ch] 0x0000003b call 00007F90ECE82998h 0x00000040 test edx, ebx 0x00000042 mov esi, dword ptr [esp+04h] 0x00000046 mov eax, 020D0734h 0x0000004b xor eax, 97E8A2A4h 0x00000050 jmp 00007F90ECE829F9h 0x00000055 test dx, bx 0x00000058 xor eax, 66496E64h 0x0000005d sub eax, F3ACB6EFh 0x00000062 test ax, cx 0x00000065 test ax, ax 0x00000068 mov dword ptr [ebp+000001DCh], ebx 0x0000006e mov ebx, FD8668ABh 0x00000073 pushad 0x00000074 mov edx, 00000025h 0x00000079 rdtsc |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | RDTSC instruction interceptor: First address: 000000000233DDA2 second address: 000000000233DDA2 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 add ebx, 2EB48951h 0x00000009 xor ebx, 4D05852Ah 0x0000000f test ah, ah 0x00000011 sub ebx, 613F7432h 0x00000017 cmp byte ptr [esi], bl 0x00000019 mov ebx, dword ptr [ebp+000001DCh] 0x0000001f jnc 00007F90EC99618Dh 0x00000021 mov ebx, eax 0x00000023 test dh, ch 0x00000025 shl eax, 05h 0x00000028 add eax, ebx 0x0000002a movzx ecx, byte ptr [esi] 0x0000002d test bh, dh 0x0000002f add eax, ecx 0x00000031 xor eax, 87814D76h 0x00000036 test dh, dh 0x00000038 inc esi 0x00000039 mov dword ptr [ebp+00000199h], ecx 0x0000003f mov ecx, 8083BC92h 0x00000044 cmp edx, E060B676h 0x0000004a test al, bl 0x0000004c xor ecx, 15B192FBh 0x00000052 xor ecx, 1B76C997h 0x00000058 test ecx, eax 0x0000005a xor ecx, 8E44E7FEh 0x00000060 cmp ebx, D7C88536h 0x00000066 cmp dh, FFFFFFD5h 0x00000069 cmp byte ptr [esi], cl 0x0000006b mov ecx, dword ptr [ebp+00000199h] 0x00000071 jne 00007F90EC9960AEh 0x00000077 mov dword ptr [ebp+000001DCh], ebx 0x0000007d mov ebx, FD8668ABh 0x00000082 pushad 0x00000083 mov edx, 00000025h 0x00000088 rdtsc |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | RDTSC instruction interceptor: First address: 0000000002341903 second address: 0000000002341903 instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 cmp dword ptr [ebp+000001DAh], ebx 0x00000009 jne 00007F90ECE82916h 0x0000000b xor dword ptr [eax], edx 0x0000000d add eax, 04h 0x00000010 mov dword ptr [ebp+000001DAh], eax 0x00000016 pushad 0x00000017 mov eax, 000000FCh 0x0000001c rdtsc |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | RDTSC instruction interceptor: First address: 0000000002341AA0 second address: 0000000002341AA0 instructions: |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | RDTSC instruction interceptor: First address: 000000000233F545 second address: 000000000233DDA2 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b push ecx 0x0000000c mov ecx, dword ptr [ebp+000001B8h] 0x00000012 test bh, dh 0x00000014 mov dword ptr [ebp+0000020Fh], edx 0x0000001a mov edx, ecx 0x0000001c cmp ch, dh 0x0000001e push edx 0x0000001f cmp eax, D3D4D650h 0x00000024 mov edx, dword ptr [ebp+0000020Fh] 0x0000002a mov dword ptr [ebp+0000024Ah], ecx 0x00000030 mov ecx, esi 0x00000032 push ecx 0x00000033 mov ecx, dword ptr [ebp+0000024Ah] 0x00000039 test dl, cl 0x0000003b mov dword ptr [ebp+00000210h], eax 0x00000041 mov eax, esi 0x00000043 push eax 0x00000044 cmp ah, dh 0x00000046 mov eax, dword ptr [ebp+00000210h] 0x0000004c cmp cx, bx 0x0000004f add dword ptr [esp], ecx 0x00000052 call 00007F90ECE8103Eh 0x00000057 test edx, ebx 0x00000059 mov esi, dword ptr [esp+04h] 0x0000005d mov eax, 020D0734h 0x00000062 xor eax, 97E8A2A4h 0x00000067 jmp 00007F90ECE829F9h 0x0000006c test dx, bx 0x0000006f xor eax, 66496E64h 0x00000074 sub eax, F3ACB6EFh 0x00000079 test ax, cx 0x0000007c test ax, ax 0x0000007f mov dword ptr [ebp+000001DCh], ebx 0x00000085 mov ebx, FD8668ABh 0x0000008a pushad 0x0000008b mov edx, 00000025h 0x00000090 rdtsc |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233523A mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233E26D mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_023366A3 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233E347 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_023397E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233D812 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_0233649B mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\June-July_Commission_List_Summary-2021.exe | Code function: 1_2_02336586 mov eax, dword ptr fs:[00000030h] |
Source: June-July_Commission_List_Summary-2021.exe, 00000001.00000002.1303735073.0000000000DF0000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: June-July_Commission_List_Summary-2021.exe, 00000001.00000002.1303735073.0000000000DF0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: June-July_Commission_List_Summary-2021.exe, 00000001.00000002.1303735073.0000000000DF0000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: June-July_Commission_List_Summary-2021.exe, 00000001.00000002.1303735073.0000000000DF0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |