Source: unknown |
TCP traffic detected without corresponding DNS query: 101.99.94.119 |
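The signature above ("TCP traffic detected without corresponding DNS query") is a correlation between two logs. The following is an added example, not part of the sandbox report: it implements that heuristic in Python over Zeek-style DNS and connection records so it can be run against a capture. The record fields, the hostname, the timestamps, the port, and every address except the report's 101.99.94.119 are constructed for the example.

```python
"""Correlate DNS answers with later TCP connections.

Added example, not part of the sandbox report above. It reimplements the
report's "TCP traffic detected without corresponding DNS query" heuristic as
log correlation over Zeek-style DNS and connection records. Record fields,
hostnames, timestamps, ports and every IP except the report's 101.99.94.119
are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class DnsAnswer:
    ts: float        # time the answer was observed
    query: str       # name that was looked up
    answers: tuple   # IPs in the answer section
    ttl: int         # seconds the client may cache the answer


@dataclass(frozen=True)
class Conn:
    ts: float
    src: str
    dst: str
    dst_port: int
    proto: str = "tcp"


def is_local(ip):
    """Private, loopback, link-local and multicast destinations are not
    expected to be preceded by a DNS lookup, so they are never scored."""
    a = ip_address(ip)
    return a.is_private or a.is_loopback or a.is_link_local or a.is_multicast


def find_unresolved_connections(dns, conns, grace=300, allowlist=frozenset()):
    """Return the TCP connections whose destination was not resolved by a DNS
    answer seen before the connection and still valid (TTL plus a grace
    period, because clients keep using stale cache entries for a while)."""
    # destination IP -> list of (first usable time, last usable time)
    validity = defaultdict(list)
    for d in dns:
        for ip in d.answers:
            validity[ip].append((d.ts, d.ts + d.ttl + grace))

    hits = []
    for c in conns:
        if c.proto != "tcp" or c.dst in allowlist or is_local(c.dst):
            continue
        if any(start <= c.ts <= end for start, end in validity[c.dst]):
            continue
        hits.append(c)
    return hits


# Constructed sample: one resolved host, one destination contacted without any lookup.
SAMPLE_DNS = [
    DnsAnswer(ts=10.0, query="www.example.com", answers=("93.184.216.34",), ttl=60),
]
SAMPLE_CONNS = [
    Conn(5.0, "192.168.1.20", "93.184.216.34", 443),         # before the answer: flagged
    Conn(12.0, "192.168.1.20", "93.184.216.34", 443),        # covered by the answer: fine
    Conn(30.0, "192.168.1.20", "101.99.94.119", 8080),       # no lookup at all: the report's case (port is a placeholder)
    Conn(31.0, "192.168.1.20", "192.168.1.1", 445),          # local destination: not scored
    Conn(32.0, "192.168.1.20", "101.99.94.119", 53, "udp"),  # only TCP is scored
    Conn(500.0, "192.168.1.20", "93.184.216.34", 443),       # answer expired (10 + 60 + 300 < 500): flagged
]


def run_sample():
    """Return (dst, dst_port, ts) for each flagged connection in the sample."""
    hits = find_unresolved_connections(SAMPLE_DNS, SAMPLE_CONNS)
    return [(h.dst, h.dst_port, h.ts) for h in hits]


if __name__ == "__main__":
    for dst, port, ts in run_sample():
        print(f"t={ts:>6}  tcp {dst}:{port}  no preceding DNS answer")
```

The sandbox can apply this heuristic aggressively because it starts from a clean snapshot and sees every packet. On an enterprise sensor the same logic produces noise whenever the lookup happened before the capture window, went over DoH/DoT, or was satisfied from a hosts file or a long-lived cache; the grace period and the allowlist are the two knobs for that, and a connection that appears in the output should be read as "worth a look", not as a verdict.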
Source: loKmeabs9V.exe, 00000017.00000002.470426218.0000000000400000.00000040.00000001.sdmp |
String found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy) |
Source: loKmeabs9V.exe, 00000016.00000003.470302046.0000000000A0D000.00000004.00000001.sdmp |
String found in binary or memory: ersion":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version informati equals www.facebook.com (Facebook) |
Source: loKmeabs9V.exe, 00000016.00000002.473429817.0000000000B3B000.00000004.00000040.sdmp |
String found in binary or memory: http://go.microsoft.com/fwlink/?LinkId=838604http://go.microsoft.com/fwlink/http://go.microsoft.com/fwlink/p/?LinkId=255141http://go.microsoft.com/fwlink/p/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/loginckFilterColumnsMode equals www.facebook.com (Facebook) |
Source: loKmeabs9V.exe, 00000016.00000002.473429817.0000000000B3B000.00000004.00000040.sdmp |
String found in binary or memory: http://go.microsoft.com/fwlink/?LinkId=838604http://go.microsoft.com/fwlink/http://go.microsoft.com/fwlink/p/?LinkId=255141http://go.microsoft.com/fwlink/p/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/loginckFilterColumnsMode equals www.yahoo.com (Yahoo) |
Source: loKmeabs9V.exe |
String found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy) |
Source: loKmeabs9V.exe |
String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook) |
Source: loKmeabs9V.exe, 00000016.00000003.472054856.0000000000B3A000.00000004.00000001.sdmp |
String found in binary or memory: s://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.google.com/chrome/https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0https://www.google.com/chrome/thank-you.htmlhttps://www.bing.com/search?q=chrome+download&src=IE-SearchBox&FORM=IESR4A&pc=EUPP_https://www.bing.com/searchhttps://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://go.microsoft.com/fwlink/?LinkId=517287res://C:\Windows\system32\mmcndmgr.dll/views.htmhttp://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/http://go.microsoft.com/fwlink/?LinkId=838604http://go.microsoft.com/fwlink/http://go.microsoft.com/fwlink/p/?LinkId=255141http://go.microsoft.com/fwlink/p/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/loginckFilterColumnsMode equals www.facebook.com (Facebook) |
Source: loKmeabs9V.exe, 00000016.00000003.472054856.0000000000B3A000.00000004.00000001.sdmp |
String found in binary or memory: s://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.google.com/chrome/https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0https://www.google.com/chrome/thank-you.htmlhttps://www.bing.com/search?q=chrome+download&src=IE-SearchBox&FORM=IESR4A&pc=EUPP_https://www.bing.com/searchhttps://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://go.microsoft.com/fwlink/?LinkId=517287res://C:\Windows\system32\mmcndmgr.dll/views.htmhttp://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/http://go.microsoft.com/fwlink/?LinkId=838604http://go.microsoft.com/fwlink/http://go.microsoft.com/fwlink/p/?LinkId=255141http://go.microsoft.com/fwlink/p/https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/loginckFilterColumnsMode equals www.yahoo.com (Yahoo) |
Source: loKmeabs9V.exe, 00000016.00000002.472421374.0000000000400000.00000040.00000001.sdmp |
String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook) |
Source: loKmeabs9V.exe, 00000016.00000002.472421374.0000000000400000.00000040.00000001.sdmp |
String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo) |
Source: loKmeabs9V.exe, 00000016.00000003.470222066.0000000000A02000.00000004.00000001.sdmp |
String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe |
Source: loKmeabs9V.exe, 00000016.00000002.473021402.00000000006E8000.00000004.00000020.sdmp |
String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico |
Source: loKmeabs9V.exe |
String found in binary or memory: http://www.ebuddy.com |
Source: loKmeabs9V.exe |
String found in binary or memory: http://www.imvu.com |
Source: loKmeabs9V.exe, 00000017.00000002.470384906.000000000019C000.00000004.00000001.sdmp |
String found in binary or memory: http://www.imvu.com/.exe |
Source: loKmeabs9V.exe, 00000017.00000002.470426218.0000000000400000.00000040.00000001.sdmp |
String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com |
Source: loKmeabs9V.exe, 00000017.00000002.470426218.0000000000400000.00000040.00000001.sdmp |
String found in binary or memory: http://www.imvu.comr |
Source: loKmeabs9V.exe, 00000016.00000002.472368637.0000000000193000.00000004.00000001.sdmp |
String found in binary or memory: http://www.nirsoft.net |
Source: loKmeabs9V.exe, loKmeabs9V.exe, 00000018.00000002.471540483.0000000000400000.00000040.00000001.sdmp |
String found in binary or memory: http://www.nirsoft.net/ |
Source: loKmeabs9V.exe |
String found in binary or memory: https://login.yahoo.com/config/login |
Source: loKmeabs9V.exe, 00000016.00000003.471770618.0000000000A18000.00000004.00000001.sdmp |
String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash |
Source: loKmeabs9V.exe, 00000016.00000003.471770618.0000000000A18000.00000004.00000001.sdmp |
String found in binary or memory: https://support.google.com/chrome/answer/6258784 |
Source: loKmeabs9V.exe |
String found in binary or memory: https://www.google.com |
Source: loKmeabs9V.exe |
String found in binary or memory: https://www.google.com/accounts/servicelogin |
Source: loKmeabs9V.exe, 00000016.00000002.473021402.00000000006E8000.00000004.00000020.sdmp |
String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B629C NtWriteVirtualMemory,LoadLibraryA, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B5971 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B9189 NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4230 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B7C19 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B5844 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B9653 NtWriteVirtualMemory,CreateProcessInternalW, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B46C8 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4CD0 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B9122 NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4352 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B41B6 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4B96 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B87E3 NtWriteVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_2_00569CF6 LdrInitializeThunk,NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_2_00569DCF LdrInitializeThunk,Sleep,LdrInitializeThunk,LdrInitializeThunk,NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_2_00569CF1 LdrInitializeThunk,NtProtectVirtualMemory, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00401806 NtdllDefWindowProc_W, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_004018C0 NtdllDefWindowProc_W, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00402CAC NtdllDefWindowProc_A, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00402D66 NtdllDefWindowProc_A, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004016FC NtdllDefWindowProc_A, |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004017B6 NtdllDefWindowProc_A, |
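The "Code function" entries above list, per function, the Windows APIs it calls; read per process, process 0 combines NtAllocateVirtualMemory, NtWriteVirtualMemory, NtProtectVirtualMemory, CreateProcessInternalW and LoadLibraryA, which is the full write-then-execute chain of process injection, while the other processes only show NtProtectVirtualMemory or window-procedure calls. The following is an added example, not part of the sandbox report: a Python triage script that parses lines in the report's own format and rates each process's injection primitives. The stage table is the example's own grouping of APIs, and the sample lines are copied from the entries above.

```python
"""Rate each analysed process's injection primitives from "Code function" lines.

Added example, not part of the sandbox report. It parses the report's own
line format, "Code function: <process>_<n>_<address> Api1,Api2, |"; the
sample lines below are copied from the report. Reading the first number as
the index of the analysed process follows from the report itself: the
memory-dump names carry the same index in hex (00000016 = 22, 00000017 = 23,
00000018 = 24). The second number is left uninterpreted. The stage table is
this example's own grouping of Windows APIs.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"Code function:\s*(\d+)_(\d+)_([0-9A-Fa-f]+)\s*([A-Za-z0-9_,]*)")

# APIs grouped by the step of a write-then-execute injection they implement.
STAGES = {
    "allocate": {"NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"},
    "write": {"NtWriteVirtualMemory", "WriteProcessMemory"},
    "protect": {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"},
    "spawn": {"CreateProcessInternalW", "CreateProcessW", "CreateProcessA", "NtCreateUserProcess"},
    "execute": {"LoadLibraryA", "LoadLibraryW", "CreateRemoteThread", "NtCreateThreadEx",
                "NtResumeThread", "ResumeThread", "SetThreadContext", "NtSetContextThread"},
}


def parse_code_functions(lines):
    """Yield (process_index, address, [api, ...]) for every matching line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            proc, _, addr, apis = m.groups()
            yield int(proc), addr, [a for a in apis.split(",") if a]


def rate_processes(lines):
    """Map process index -> {"functions": {addr: apis}, "stages": set}."""
    out = defaultdict(lambda: {"functions": {}, "stages": set()})
    for proc, addr, apis in parse_code_functions(lines):
        out[proc]["functions"][addr] = apis
        called = set(apis)
        for stage, names in STAGES.items():
            if called & names:
                out[proc]["stages"].add(stage)
    return dict(out)


def injection_capable(stages):
    """True when a process can put bytes into memory whose protection it
    controls and then run them: the shape of process hollowing and of
    classic remote injection. Protect alone is common in unpackers and
    runtimes, so it does not qualify by itself."""
    return ("write" in stages
            and ("allocate" in stages or "protect" in stages)
            and ("spawn" in stages or "execute" in stages))


SAMPLE_LINES = [  # copied from the report entries above
    "Code function: 0_2_022B629C NtWriteVirtualMemory,LoadLibraryA, |",
    "Code function: 0_2_022B5971 NtAllocateVirtualMemory, |",
    "Code function: 0_2_022B9189 NtProtectVirtualMemory, |",
    "Code function: 0_2_022B9653 NtWriteVirtualMemory,CreateProcessInternalW, |",
    "Code function: 14_2_00569CF6 LdrInitializeThunk,NtProtectVirtualMemory, |",
    "Code function: 22_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,"
    "NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,"
    "_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,"
    "CloseHandle,_wcsicmp,CloseHandle, |",
    "Code function: 23_2_00402CAC NtdllDefWindowProc_A, |",
    "Code function: 0_2_022B962D |",  # no APIs listed: still counted as a function
]


def summarize(lines):
    """Map process index -> whether the full injection chain is present."""
    return {proc: injection_capable(info["stages"])
            for proc, info in rate_processes(lines).items()}


if __name__ == "__main__":
    for proc, info in sorted(rate_processes(SAMPLE_LINES).items()):
        print(f"process {proc}: {len(info['functions'])} functions, "
              f"stages={sorted(info['stages'])}, "
              f"injection_capable={injection_capable(info['stages'])}")
```

The rating is a capability, not proof that injection happened; on this page the corroboration is further down, where the memory dumps of the child processes carry OriginalFilename mspass.exe although their on-disk image is loKmeabs9V.exe.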
Code function: 0_2_022B962D |
0_2_022B962D |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B245A |
0_2_022B245A |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B8687 |
0_2_022B8687 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B629C |
0_2_022B629C |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B5971 |
0_2_022B5971 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B0571 |
0_2_022B0571 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B0BC7 |
0_2_022B0BC7 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B3A2E |
0_2_022B3A2E |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B8030 |
0_2_022B8030 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4230 |
0_2_022B4230 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B7C19 |
0_2_022B7C19 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B084F |
0_2_022B084F |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B5844 |
0_2_022B5844 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B9653 |
0_2_022B9653 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B1654 |
0_2_022B1654 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B0CAC |
0_2_022B0CAC |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B30BC |
0_2_022B30BC |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B2889 |
0_2_022B2889 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B8098 |
0_2_022B8098 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B3C9E |
0_2_022B3C9E |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B149C |
0_2_022B149C |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B2C93 |
0_2_022B2C93 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B8294 |
0_2_022B8294 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B3EE1 |
0_2_022B3EE1 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B10E0 |
0_2_022B10E0 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B46C8 |
0_2_022B46C8 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B36C3 |
0_2_022B36C3 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B82DC |
0_2_022B82DC |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4CD0 |
0_2_022B4CD0 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B8923 |
0_2_022B8923 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B7921 |
0_2_022B7921 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B8324 |
0_2_022B8324 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B151C |
0_2_022B151C |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B1940 |
0_2_022B1940 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B1D5A |
0_2_022B1D5A |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4352 |
0_2_022B4352 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B5DAE |
0_2_022B5DAE |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B41B6 |
0_2_022B41B6 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B4B96 |
0_2_022B4B96 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B87E3 |
0_2_022B87E3 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B41E6 |
0_2_022B41E6 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B5BF3 |
0_2_022B5BF3 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_022B19F4 |
0_2_022B19F4 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E99D1E7 |
14_3_1E99D1E7 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1EA3B487 |
14_3_1EA3B487 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E79FBBE |
14_3_1E79FBBE |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E80D21E |
14_3_1E80D21E |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E8491EC |
14_3_1E8491EC |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E7AE755 |
14_3_1E7AE755 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E7DBB8C |
14_3_1E7DBB8C |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E81BDB5 |
14_3_1E81BDB5 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 14_3_1E7A064D |
14_3_1E7A064D |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044B040 |
22_2_0044B040 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0043610D |
22_2_0043610D |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00447310 |
22_2_00447310 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044A490 |
22_2_0044A490 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0040755A |
22_2_0040755A |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0043C560 |
22_2_0043C560 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044B610 |
22_2_0044B610 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044D6C0 |
22_2_0044D6C0 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_004476F0 |
22_2_004476F0 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044B870 |
22_2_0044B870 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044081D |
22_2_0044081D |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00414957 |
22_2_00414957 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_004079EE |
22_2_004079EE |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00407AEB |
22_2_00407AEB |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044AA80 |
22_2_0044AA80 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00412AA9 |
22_2_00412AA9 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00404B74 |
22_2_00404B74 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00404B03 |
22_2_00404B03 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044BBD8 |
22_2_0044BBD8 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00404BE5 |
22_2_00404BE5 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00404C76 |
22_2_00404C76 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00415CFE |
22_2_00415CFE |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00416D72 |
22_2_00416D72 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00446D30 |
22_2_00446D30 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00446D8B |
22_2_00446D8B |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00406E8F |
22_2_00406E8F |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_1_00476347 |
22_1_00476347 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_004050C2 |
23_2_004050C2 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_004014AB |
23_2_004014AB |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00405133 |
23_2_00405133 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_004051A4 |
23_2_004051A4 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00401246 |
23_2_00401246 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_0040CA46 |
23_2_0040CA46 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00405235 |
23_2_00405235 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_004032C8 |
23_2_004032C8 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_004222D9 |
23_2_004222D9 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00401689 |
23_2_00401689 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00402F60 |
23_2_00402F60 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_1_004222D9 |
23_1_004222D9 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_0040D044 |
24_2_0040D044 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_00405038 |
24_2_00405038 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004050A9 |
24_2_004050A9 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_0040511A |
24_2_0040511A |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004051AB |
24_2_004051AB |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004382F3 |
24_2_004382F3 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_00430575 |
24_2_00430575 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_0043B671 |
24_2_0043B671 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_0041F6CD |
24_2_0041F6CD |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004119CF |
24_2_004119CF |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_00439B11 |
24_2_00439B11 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_00438E54 |
24_2_00438E54 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_00412F67 |
24_2_00412F67 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_0043CF18 |
24_2_0043CF18 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_1_0045530B |
24_1_0045530B |
Source: loKmeabs9V.exe, 00000000.00000000.205287548.0000000000417000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTROSSKIFTERNES.exe vs loKmeabs9V.exe |
Source: loKmeabs9V.exe |
Binary or memory string: OriginalFilename vs loKmeabs9V.exe |
Source: loKmeabs9V.exe, 0000000E.00000003.473704439.000000001E84B000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamemspass.exe8 vs loKmeabs9V.exe |
Source: loKmeabs9V.exe, 0000000E.00000000.334706774.0000000000417000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTROSSKIFTERNES.exe vs loKmeabs9V.exe |
Source: loKmeabs9V.exe, 0000000E.00000002.1292980091.000000001DEA0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemswsock.dll.muij% vs loKmeabs9V.exe |
Source: loKmeabs9V.exe |
Binary or memory string: OriginalFileName vs loKmeabs9V.exe |
Source: loKmeabs9V.exe, 00000016.00000000.466532006.0000000000417000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTROSSKIFTERNES.exe vs loKmeabs9V.exe |
Source: loKmeabs9V.exe |
Binary or memory string: OriginalFilename vs loKmeabs9V.exe |
Source: loKmeabs9V.exe, 00000017.00000002.470454955.000000000041B000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenamemspass.exe8 vs loKmeabs9V.exe |
Source: loKmeabs9V.exe, 00000017.00000000.468896528.0000000000417000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTROSSKIFTERNES.exe vs loKmeabs9V.exe |
Source: loKmeabs9V.exe, 00000018.00000000.470164942.0000000000417000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameTROSSKIFTERNES.exe vs loKmeabs9V.exe |
Source: loKmeabs9V.exe |
Binary or memory string: OriginalFilenameTROSSKIFTERNES.exe vs loKmeabs9V.exe |
Source: unknown |
Process created: C:\Users\user\Desktop\loKmeabs9V.exe 'C:\Users\user\Desktop\loKmeabs9V.exe' |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Process created: C:\Users\user\Desktop\loKmeabs9V.exe 'C:\Users\user\Desktop\loKmeabs9V.exe' |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Process created: C:\Users\user\Desktop\loKmeabs9V.exe C:\Users\user\Desktop\loKmeabs9V.exe /stext 'C:\Users\user\AppData\Local\Temp\syqduvyml' |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Process created: C:\Users\user\Desktop\loKmeabs9V.exe C:\Users\user\Desktop\loKmeabs9V.exe /stext 'C:\Users\user\AppData\Local\Temp\cawvvojfhdxf' |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Process created: C:\Users\user\Desktop\loKmeabs9V.exe C:\Users\user\Desktop\loKmeabs9V.exe /stext 'C:\Users\user\AppData\Local\Temp\fubgoguhvlpsyny' |
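The three "/stext" launches above are the detection-worthy part of this process tree: /stext is the save-as-text switch of NirSoft's command-line password-recovery tools, the output goes to extension-less files under %TEMP%, and the same report shows OriginalFilename mspass.exe and nirsoft.net strings in the memory of those children although their on-disk image is loKmeabs9V.exe. The following is an added example, not part of the sandbox report: a Python scoring rule over process-creation events that keys on that combination. The event layout (a Sysmon-like dictionary per event), the weights, the alert threshold and the two benign control events are this example's assumptions; the three malicious command lines are copied from the report.

```python
"""Flag a process re-launching its own image with a NirSoft export switch.

Added example, not part of the sandbox report. The three malicious command
lines are copied from the report's "Process created" entries; the event
layout, weights, threshold and the benign control events are assumptions.
"""
import ntpath
import re

# NirSoft's documented silent-export switches; the output file follows the switch.
NIRSOFT_EXPORT_SWITCHES = {"/stext", "/stab", "/scomma", "/stabular", "/shtml", "/sverhtml", "/sxml"}
# Tools that legitimately accept them; an admin running mspass.exe directly is not an alert.
NIRSOFT_TOOL_NAMES = {"mspass.exe", "mailpv.exe", "webbrowserpassview.exe", "iepv.exe"}
ALERT_THRESHOLD = 4  # assumed; tune against your own process-creation telemetry

ARG_RE = re.compile(r"'[^']*'|\"[^\"]*\"|\S+")


def split_cmdline(cmdline):
    """Split on whitespace, keeping quoted spans whole. The sandbox renders
    quoted arguments with single quotes, Windows itself with double quotes."""
    return [tok.strip("'\"") for tok in ARG_RE.findall(cmdline)]


def score_event(event):
    """Return (score, reasons) for a process-creation event, or None when the
    command line carries no NirSoft export switch."""
    argv = split_cmdline(event["cmdline"])
    used = [a.lower() for a in argv[1:] if a.lower() in NIRSOFT_EXPORT_SWITCHES]
    if not used:
        return None
    score, reasons = 1, [f"NirSoft export switch {used[0]}"]

    child = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent_image"]).lower()
    if child not in NIRSOFT_TOOL_NAMES:
        score += 2
        reasons.append(f"image {child} is not a NirSoft tool name")
    if parent == child:
        score += 2
        reasons.append("image re-launched itself")

    idx = next(i for i, a in enumerate(argv) if a.lower() == used[0])
    out = argv[idx + 1] if idx + 1 < len(argv) else ""
    if "\\temp\\" in out.lower():
        score += 1
        reasons.append("output written under a Temp directory")
    if out and not ntpath.splitext(out)[1]:
        score += 1
        reasons.append("output file has no extension")
    return score, reasons


def evaluate(events, threshold=ALERT_THRESHOLD):
    """Return [(cmdline, score, alert)] for events carrying an export switch."""
    results = []
    for e in events:
        scored = score_event(e)
        if scored:
            results.append((e["cmdline"], scored[0], scored[0] >= threshold))
    return results


SELF = r"C:\Users\user\Desktop\loKmeabs9V.exe"
SAMPLE_EVENTS = [
    # the three launches from the report
    {"parent_image": SELF, "image": SELF,
     "cmdline": SELF + r" /stext 'C:\Users\user\AppData\Local\Temp\syqduvyml'"},
    {"parent_image": SELF, "image": SELF,
     "cmdline": SELF + r" /stext 'C:\Users\user\AppData\Local\Temp\cawvvojfhdxf'"},
    {"parent_image": SELF, "image": SELF,
     "cmdline": SELF + r" /stext 'C:\Users\user\AppData\Local\Temp\fubgoguhvlpsyny'"},
    # constructed control: an administrator exporting from the real tool
    {"parent_image": r"C:\Windows\System32\cmd.exe", "image": r"C:\Tools\mspass.exe",
     "cmdline": r'"C:\Tools\mspass.exe" /stext C:\audit\messengers.txt'},
    # constructed control: the initial launch, no switch at all
    {"parent_image": r"C:\Windows\explorer.exe", "image": SELF, "cmdline": f"'{SELF}'"},
]


if __name__ == "__main__":
    for cmdline, score, alert in evaluate(SAMPLE_EVENTS):
        print(f"{'ALERT' if alert else 'info '} score={score}  {cmdline}")
```

The switch alone is dual-use, which is why a bare /stext from a correctly named NirSoft binary scores below the threshold here. The stronger corroboration on this page is the OriginalFilename mismatch (mspass.exe inside a process whose file is loKmeabs9V.exe), but that is a memory-scanning check, not something a process-creation event carries, so the rule leans on the self-spawn and the Temp output instead.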
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_00404DCC push edx; iretd |
0_2_00404DD6 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 0_2_004059BD push F32E5D69h; retf |
0_2_004059D0 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044693D push ecx; ret |
22_2_0044694D |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044DB70 push eax; ret |
22_2_0044DB84 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_0044DB70 push eax; ret |
22_2_0044DBAC |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 22_2_00451D54 push eax; ret |
22_2_00451D61 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00414060 push eax; ret |
23_2_00414074 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00414060 push eax; ret |
23_2_0041409C |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00414039 push ecx; ret |
23_2_00414049 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_004164EB push 0000006Ah; retf |
23_2_004165C4 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00416553 push 0000006Ah; retf |
23_2_004165C4 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 23_2_00416555 push 0000006Ah; retf |
23_2_004165C4 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_00444355 push ecx; ret |
24_2_00444365 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004446D0 push eax; ret |
24_2_004446E4 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_004446D0 push eax; ret |
24_2_0044470C |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Code function: 24_2_0044AC84 push eax; ret |
24_2_0044AC91 |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B88DF second address: 00000000022B88F0 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a sub byte ptr [eax], 00000016h 0x0000000d pushad 0x0000000e lfence 0x00000011 rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B62EB second address: 00000000022B62EB instructions: |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B73B0 second address: 00000000022B73B0 instructions: |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B71DE second address: 00000000022B71DE instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a cmp bx, dx 0x0000000d jne 00007F72D4EAA1F5h 0x0000000f push dword ptr [esp+04h] 0x00000013 call 00007F72D4EAA40Bh 0x00000018 pushad 0x00000019 nop 0x0000001a nop 0x0000001b mov eax, 00000001h 0x00000020 cpuid 0x00000022 popad 0x00000023 mov ebx, dword ptr [esp+04h] 0x00000027 xor ecx, ecx 0x00000029 add ecx, 02h 0x0000002c cmp word ptr [ebx+ecx], 0000h 0x00000031 jne 00007F72D4EAA218h 0x00000033 add ecx, 02h 0x00000036 cmp word ptr [ebx+ecx], 0000h 0x0000003b jne 00007F72D4EAA218h 0x0000003d add ecx, 02h 0x00000040 cmp word ptr [ebx+ecx], 0000h 0x00000045 jne 00007F72D4EAA218h 0x00000047 add ecx, 02h 0x0000004a cmp word ptr [ebx+ecx], 0000h 0x0000004f jne 00007F72D4EAA218h 0x00000051 add ecx, 02h 0x00000054 cmp word ptr [ebx+ecx], 0000h 0x00000059 jne 00007F72D4EAA218h 0x0000005b add ecx, 02h 0x0000005e cmp word ptr [ebx+ecx], 0000h 0x00000063 jne 00007F72D4EAA218h 0x00000065 add ecx, 02h 0x00000068 cmp word ptr [ebx+ecx], 0000h 0x0000006d jne 00007F72D4EAA218h 0x0000006f retn 0004h 0x00000072 sub ecx, 02h 0x00000075 add eax, 02h 0x00000078 cmp esi, 68CDCEE6h 0x0000007e mov bx, word ptr [eax+ecx] 0x00000082 mov dx, word ptr [esi+ecx] 0x00000086 pushad 0x00000087 rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B2448 second address: 00000000022B2448 instructions: |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 0000000000562448 second address: 0000000000562448 instructions: |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 0000000000565FAF second address: 0000000000565FAF instructions: |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 0000000000569DDA second address: 0000000000569DDA instructions: |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B7F30 second address: 00000000022B7F30 instructions: 0x00000000 rdtsc 0x00000002 mov eax, A494EE6Bh 0x00000007 xor eax, 6C4D1677h 0x0000000c xor eax, 6E4EF001h 0x00000011 xor eax, A697081Ch 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F72D4EAA22Ah 0x0000001e lfence 0x00000021 mov edx, 2EA7C992h 0x00000026 xor edx, 079D8C51h 0x0000002c xor edx, 2142E10Eh 0x00000032 xor edx, 7786A4D9h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d cmp dx, ax 0x00000040 ret 0x00000041 sub edx, esi 0x00000043 ret 0x00000044 cmp cl, dl 0x00000046 add edi, edx 0x00000048 dec dword ptr [ebp+000000F8h] 0x0000004e cmp dword ptr [ebp+000000F8h], 00000000h 0x00000055 jne 00007F72D4EAA208h 0x00000057 test eax, ebx 0x00000059 call 00007F72D4EAA26Fh 0x0000005e call 00007F72D4EAA24Bh 0x00000063 lfence 0x00000066 mov edx, 2EA7C992h 0x0000006b xor edx, 079D8C51h 0x00000071 xor edx, 2142E10Eh 0x00000077 xor edx, 7786A4D9h 0x0000007d mov edx, dword ptr [edx] 0x0000007f lfence 0x00000082 cmp dx, ax 0x00000085 ret 0x00000086 mov esi, edx 0x00000088 pushad 0x00000089 rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B7F7B second address: 00000000022B7F7B instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 012985CBh 0x00000013 xor eax, 524C1329h 0x00000018 add eax, C04F8477h 0x0000001d sub eax, 13B51B58h 0x00000022 cpuid 0x00000024 test dx, bx 0x00000027 bt ecx, 1Fh 0x0000002b jc 00007F72D4A95E56h 0x00000031 popad 0x00000032 call 00007F72D4A958CFh 0x00000037 lfence 0x0000003a rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000022B88F0 second address: 00000000022B8A77 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp eax, 6AACECEFh 0x00000010 mov eax, dword ptr [esp+1Ch] 0x00000014 mov byte ptr [eax], 00000006h 0x00000017 xor byte ptr [eax], 00000055h 0x0000001a add byte ptr [eax], 00000051h 0x0000001d sub byte ptr [eax], 0000003Ah 0x00000020 mov byte ptr [eax+01h], FFFFFFD2h 0x00000024 xor byte ptr [eax+01h], 00000000h 0x00000028 cmp ah, dh 0x0000002a xor byte ptr [eax+01h], FFFFFFEEh 0x0000002e jmp 00007F72D4A957D9h 0x00000033 cmp cl, 00000013h 0x00000036 add byte ptr [eax+01h], FFFFFFC4h 0x0000003a mov byte ptr [eax+02h], 0000007Eh 0x0000003e cmp bx, 1188h 0x00000043 xor byte ptr [eax+02h], 00000067h 0x00000047 cmp ax, 000008E1h 0x0000004b cmp ax, cx 0x0000004e xor byte ptr [eax+02h], FFFFFFD8h 0x00000052 pushad 0x00000053 mov al, 9Ah 0x00000055 cmp al, 9Ah 0x00000057 jne 00007F72D4A9693Bh 0x0000005d popad 0x0000005e sub byte ptr [eax+02h], 00000009h 0x00000062 mov edx, dword ptr [ebp+00000138h] 0x00000068 mov dword ptr [eax+03h], edx 0x0000006b pushad 0x0000006c mov eax, 000000EDh 0x00000071 cpuid 0x00000073 popad 0x00000074 mov byte ptr [eax+07h], FFFFFFE2h 0x00000078 xor byte ptr [eax+07h], 00000026h 0x0000007c sub byte ptr [eax+07h], FFFFFF9Fh 0x00000080 xor byte ptr [eax+07h], FFFFFFDAh 0x00000084 test al, al 0x00000086 test dh, ch 0x00000088 mov byte ptr [eax+08h], 0000001Dh 0x0000008c xor byte ptr [eax+08h], FFFFFFACh 0x00000090 add byte ptr [eax+08h], 00000028h 0x00000094 sub byte ptr [eax+08h], 00000009h 0x00000098 cmp dx, B8CFh 0x0000009d pushad 0x0000009e mov edx, 0000005Dh 0x000000a3 rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 0000000000567F30 second address: 0000000000567F30 instructions: 0x00000000 rdtsc 0x00000002 mov eax, A494EE6Bh 0x00000007 xor eax, 6C4D1677h 0x0000000c xor eax, 6E4EF001h 0x00000011 xor eax, A697081Ch 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F72D4EAA22Ah 0x0000001e lfence 0x00000021 mov edx, 2EA7C992h 0x00000026 xor edx, 079D8C51h 0x0000002c xor edx, 2142E10Eh 0x00000032 xor edx, 7786A4D9h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d cmp dx, ax 0x00000040 ret 0x00000041 sub edx, esi 0x00000043 ret 0x00000044 cmp cl, dl 0x00000046 add edi, edx 0x00000048 dec dword ptr [ebp+000000F8h] 0x0000004e cmp dword ptr [ebp+000000F8h], 00000000h 0x00000055 jne 00007F72D4EAA208h 0x00000057 test eax, ebx 0x00000059 call 00007F72D4EAA26Fh 0x0000005e call 00007F72D4EAA24Bh 0x00000063 lfence 0x00000066 mov edx, 2EA7C992h 0x0000006b xor edx, 079D8C51h 0x00000071 xor edx, 2142E10Eh 0x00000077 xor edx, 7786A4D9h 0x0000007d mov edx, dword ptr [edx] 0x0000007f lfence 0x00000082 cmp dx, ax 0x00000085 ret 0x00000086 mov esi, edx 0x00000088 pushad 0x00000089 rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 0000000000567F7B second address: 0000000000567F7B instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 012985CBh 0x00000013 xor eax, 524C1329h 0x00000018 add eax, C04F8477h 0x0000001d sub eax, 13B51B58h 0x00000022 cpuid 0x00000024 test dx, bx 0x00000027 bt ecx, 1Fh 0x0000002b jc 00007F72D4A95E56h 0x00000031 popad 0x00000032 call 00007F72D4A958CFh 0x00000037 lfence 0x0000003a rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 00000000005688F0 second address: 0000000000568A77 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp eax, 6AACECEFh 0x00000010 mov eax, dword ptr [esp+1Ch] 0x00000014 mov byte ptr [eax], 00000006h 0x00000017 xor byte ptr [eax], 00000055h 0x0000001a add byte ptr [eax], 00000051h 0x0000001d sub byte ptr [eax], 0000003Ah 0x00000020 mov byte ptr [eax+01h], FFFFFFD2h 0x00000024 xor byte ptr [eax+01h], 00000000h 0x00000028 cmp ah, dh 0x0000002a xor byte ptr [eax+01h], FFFFFFEEh 0x0000002e jmp 00007F72D4EAA309h 0x00000033 cmp cl, 00000013h 0x00000036 add byte ptr [eax+01h], FFFFFFC4h 0x0000003a mov byte ptr [eax+02h], 0000007Eh 0x0000003e cmp bx, 1188h 0x00000043 xor byte ptr [eax+02h], 00000067h 0x00000047 cmp ax, 000008E1h 0x0000004b cmp ax, cx 0x0000004e xor byte ptr [eax+02h], FFFFFFD8h 0x00000052 pushad 0x00000053 mov al, 9Ah 0x00000055 cmp al, 9Ah 0x00000057 jne 00007F72D4EAB46Bh 0x0000005d popad 0x0000005e sub byte ptr [eax+02h], 00000009h 0x00000062 mov edx, dword ptr [ebp+00000138h] 0x00000068 mov dword ptr [eax+03h], edx 0x0000006b pushad 0x0000006c mov eax, 000000EDh 0x00000071 cpuid 0x00000073 popad 0x00000074 mov byte ptr [eax+07h], FFFFFFE2h 0x00000078 xor byte ptr [eax+07h], 00000026h 0x0000007c sub byte ptr [eax+07h], FFFFFF9Fh 0x00000080 xor byte ptr [eax+07h], FFFFFFDAh 0x00000084 test al, al 0x00000086 test dh, ch 0x00000088 mov byte ptr [eax+08h], 0000001Dh 0x0000008c xor byte ptr [eax+08h], FFFFFFACh 0x00000090 add byte ptr [eax+08h], 00000028h 0x00000094 sub byte ptr [eax+08h], 00000009h 0x00000098 cmp dx, B8CFh 0x0000009d pushad 0x0000009e mov edx, 0000005Dh 0x000000a3 rdtsc |
Source: C:\Users\user\Desktop\loKmeabs9V.exe |
RDTSC instruction interceptor: First address: 0000000000569D77 second address: 0000000000569D95 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov eax, B8F5A615h 0x00000010 xor eax, 6BC0978Fh 0x00000015 sub eax, FE90C053h 0x0000001a pushad 0x0000001b lfence 0x0000001e rdtsc |