Source: unknown |
Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll" |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\P5LROPCURK.dll,Control_RunDLL |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",#1 |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\P5LROPCURK.dll,agrwqhxohbh |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\P5LROPCURK.dll,aoydsyidkopcdbcv |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p |
|
Source: unknown |
Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc |
|
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable |
|
Source: C:\Program Files\Windows Defender\MpCmdRun.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Itfgfdekendecpnp\cibm.oux",wUSgoatRqMcfEKj |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
|
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
|
Source: unknown |
Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc |
|
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",#1 |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\P5LROPCURK.dll,Control_RunDLL |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\P5LROPCURK.dll,agrwqhxohbh |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\P5LROPCURK.dll,aoydsyidkopcdbcv |
Jump to behavior |
Source: C:\Windows\System32\loaddll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",#1 |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Itfgfdekendecpnp\cibm.oux",wUSgoatRqMcfEKj |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\P5LROPCURK.dll",Control_RunDLL |
Source: C:\Windows\System32\svchost.exe |
Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable |
Source: C:\Windows\SysWOW64\rundll32.exe |
RDTSC instruction interceptor: First address: 000000006ED26134 second address: 000000006ED26168 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-08h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007FD23CD6A744h 0x0000000a mov edi, 00D66F8Ch 0x0000000f mov dword ptr [ebp-14h], edi 0x00000012 rdtscp |
Source: C:\Windows\SysWOW64\rundll32.exe |
RDTSC instruction interceptor: First address: 000000006ED279F7 second address: 000000006ED27A0A instructions: 0x00000000 rdtscp 0x00000003 test edx, edx 0x00000005 jnbe 00007FD23C7587EEh 0x00000007 rdtscp |
Source: C:\Windows\SysWOW64\rundll32.exe |
RDTSC instruction interceptor: First address: 000000006ED27A0A second address: 000000006ED279F7 instructions: 0x00000000 rdtscp 0x00000003 mov ecx, dword ptr [esp+0Ch] 0x00000007 ror esi, 0Dh 0x0000000a mov eax, esi 0x0000000c pop esi 0x0000000d xor ecx, esp 0x0000000f call 00007FD23CD76E67h 0x00000014 cmp ecx, dword ptr [6ED6D008h] 0x0000001a jne 00007FD23CD6A723h 0x0000001c ret 0x0000001d mov esp, ebp 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov cl, byte ptr [esi] 0x00000023 mov edi, eax 0x00000025 cmp cl, 00000061h 0x00000028 jc 00007FD23CD6A72Fh 0x0000002a movzx eax, cl 0x0000002d add edi, FFFFFFE0h 0x00000030 add edi, eax 0x00000032 jmp 00007FD23CD6A882h 0x00000037 mov eax, dword ptr [ebp-14h] 0x0000003a mov ecx, dword ptr [ebp-18h] 0x0000003d cdq 0x0000003e sub eax, edx 0x00000040 sar eax, 1 0x00000042 cmp eax, ecx 0x00000044 jl 00007FD23CD6A8EEh 0x0000004a add ebx, 0000FFFFh 0x00000050 inc esi 0x00000051 test bx, bx 0x00000054 jne 00007FD23CD6A57Eh 0x0000005a mov eax, dword ptr [ebp-14h] 0x0000005d cmp eax, ecx 0x0000005f cmovle eax, ecx 0x00000062 mov ecx, edi 0x00000064 mov dword ptr [ebp-14h], eax 0x00000067 call 00007FD23CD6BC83h 0x0000006c push ebp 0x0000006d mov ebp, esp 0x0000006f and esp, FFFFFFF8h 0x00000072 sub esp, 0Ch 0x00000075 mov eax, dword ptr [6ED6D008h] 0x0000007a xor eax, esp 0x0000007c mov dword ptr [esp+08h], eax 0x00000080 push esi 0x00000081 mov esi, ecx 0x00000083 rdtscp |
Source: C:\Windows\SysWOW64\rundll32.exe |
RDTSC instruction interceptor: First address: 000000006ED26134 second address: 000000006ED26168 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-08h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007FD23C758804h 0x0000000a mov edi, 00D66F8Ch 0x0000000f mov dword ptr [ebp-14h], edi 0x00000012 rdtscp |
Source: C:\Windows\SysWOW64\rundll32.exe |
RDTSC instruction interceptor: First address: 000000006ED279F7 second address: 000000006ED27A0A instructions: 0x00000000 rdtscp 0x00000003 test edx, edx 0x00000005 jnbe 00007FD23CD6A72Eh 0x00000007 rdtscp |
Source: C:\Windows\SysWOW64\rundll32.exe |
RDTSC instruction interceptor: First address: 000000006ED27A0A second address: 000000006ED279F7 instructions: 0x00000000 rdtscp 0x00000003 mov ecx, dword ptr [esp+0Ch] 0x00000007 ror esi, 0Dh 0x0000000a mov eax, esi 0x0000000c pop esi 0x0000000d xor ecx, esp 0x0000000f call 00007FD23C764F27h 0x00000014 cmp ecx, dword ptr [6ED6D008h] 0x0000001a jne 00007FD23C7587E3h 0x0000001c ret 0x0000001d mov esp, ebp 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov cl, byte ptr [esi] 0x00000023 mov edi, eax 0x00000025 cmp cl, 00000061h 0x00000028 jc 00007FD23C7587EFh 0x0000002a movzx eax, cl 0x0000002d add edi, FFFFFFE0h 0x00000030 add edi, eax 0x00000032 jmp 00007FD23C758942h 0x00000037 mov eax, dword ptr [ebp-14h] 0x0000003a mov ecx, dword ptr [ebp-18h] 0x0000003d cdq 0x0000003e sub eax, edx 0x00000040 sar eax, 1 0x00000042 cmp eax, ecx 0x00000044 jl 00007FD23C7589AEh 0x0000004a add ebx, 0000FFFFh 0x00000050 inc esi 0x00000051 test bx, bx 0x00000054 jne 00007FD23C75863Eh 0x0000005a mov eax, dword ptr [ebp-14h] 0x0000005d cmp eax, ecx 0x0000005f cmovle eax, ecx 0x00000062 mov ecx, edi 0x00000064 mov dword ptr [ebp-14h], eax 0x00000067 call 00007FD23C759D43h 0x0000006c push ebp 0x0000006d mov ebp, esp 0x0000006f and esp, FFFFFFF8h 0x00000072 sub esp, 0Ch 0x00000075 mov eax, dword ptr [6ED6D008h] 0x0000007a xor eax, esp 0x0000007c mov dword ptr [esp+08h], eax 0x00000080 push esi 0x00000081 mov esi, ecx 0x00000083 rdtscp |
Source: C:\Windows\System32\loaddll32.exe |
RDTSC instruction interceptor: First address: 000000006ED26134 second address: 000000006ED26168 instructions: 0x00000000 rdtscp 0x00000003 mov dword ptr [ebp-08h], ecx 0x00000006 test edx, edx 0x00000008 jne 00007FD23CD6A744h 0x0000000a mov edi, 00D66F8Ch 0x0000000f mov dword ptr [ebp-14h], edi 0x00000012 rdtscp |
Source: C:\Windows\System32\loaddll32.exe |
RDTSC instruction interceptor: First address: 000000006ED279F7 second address: 000000006ED27A0A instructions: 0x00000000 rdtscp 0x00000003 test edx, edx 0x00000005 jnbe 00007FD23C7587EEh 0x00000007 rdtscp |
Source: C:\Windows\System32\loaddll32.exe |
RDTSC instruction interceptor: First address: 000000006ED27A0A second address: 000000006ED279F7 instructions: 0x00000000 rdtscp 0x00000003 mov ecx, dword ptr [esp+0Ch] 0x00000007 ror esi, 0Dh 0x0000000a mov eax, esi 0x0000000c pop esi 0x0000000d xor ecx, esp 0x0000000f call 00007FD23CD76E67h 0x00000014 cmp ecx, dword ptr [6ED6D008h] 0x0000001a jne 00007FD23CD6A723h 0x0000001c ret 0x0000001d mov esp, ebp 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov cl, byte ptr [esi] 0x00000023 mov edi, eax 0x00000025 cmp cl, 00000061h 0x00000028 jc 00007FD23CD6A72Fh 0x0000002a movzx eax, cl 0x0000002d add edi, FFFFFFE0h 0x00000030 add edi, eax 0x00000032 jmp 00007FD23CD6A882h 0x00000037 mov eax, dword ptr [ebp-14h] 0x0000003a mov ecx, dword ptr [ebp-18h] 0x0000003d cdq 0x0000003e sub eax, edx 0x00000040 sar eax, 1 0x00000042 cmp eax, ecx 0x00000044 jl 00007FD23CD6A8EEh 0x0000004a add ebx, 0000FFFFh 0x00000050 inc esi 0x00000051 test bx, bx 0x00000054 jne 00007FD23CD6A57Eh 0x0000005a mov eax, dword ptr [ebp-14h] 0x0000005d cmp eax, ecx 0x0000005f cmovle eax, ecx 0x00000062 mov ecx, edi 0x00000064 mov dword ptr [ebp-14h], eax 0x00000067 call 00007FD23CD6BC83h 0x0000006c push ebp 0x0000006d mov ebp, esp 0x0000006f and esp, FFFFFFF8h 0x00000072 sub esp, 0Ch 0x00000075 mov eax, dword ptr [6ED6D008h] 0x0000007a xor eax, esp 0x0000007c mov dword ptr [esp+08h], eax 0x00000080 push esi 0x00000081 mov esi, ecx 0x00000083 rdtscp |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoW, |
0_2_6ED54EAC |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoW, |
0_2_6ED4CE41 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_6ED54F7F |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoW, |
0_2_6ED54C7C |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
0_2_6ED54DA4 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
0_2_6ED54A27 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: EnumSystemLocalesW, |
0_2_6ED548B6 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetLocaleInfoW, |
0_2_6ED5480D |
Source: C:\Windows\System32\loaddll32.exe |
Code function: EnumSystemLocalesW, |
0_2_6ED5499C |
Source: C:\Windows\System32\loaddll32.exe |
Code function: EnumSystemLocalesW, |
0_2_6ED4C982 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: EnumSystemLocalesW, |
0_2_6ED54901 |
Source: C:\Windows\System32\loaddll32.exe |
Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
0_2_6ED54610 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6ED54EAC |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6ED4CE41 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
2_2_6ED54F7F |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6ED54C7C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
2_2_6ED54DA4 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
2_2_6ED54A27 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6ED548B6 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetLocaleInfoW, |
2_2_6ED5480D |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6ED5499C |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6ED4C982 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: EnumSystemLocalesW, |
2_2_6ED54901 |
Source: C:\Windows\SysWOW64\rundll32.exe |
Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
2_2_6ED54610 |