Source: pago12_14299038859.exe, 00000000.00000002.1196818293.0000000002930000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameFort.exeFE2X vs pago12_14299038859.exe |
Source: pago12_14299038859.exe, 00000000.00000000.669780195.000000000042B000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameFort.exe vs pago12_14299038859.exe |
Source: pago12_14299038859.exe | Binary or memory string: OriginalFilenameFort.exe vs pago12_14299038859.exe |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2841D |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2D38F |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D204CA |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28498 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2749D |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C4BD |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C45D |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28441 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D205C3 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D265C9 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26589 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D20549 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2057D |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D20517 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C509 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D236F8 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C66C |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2663D |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26759 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C70E |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D260CA |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D260F6 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D29085 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C052 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2706B |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26005 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28180 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C2E9 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28255 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C259 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26214 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C226 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C3D1 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D263ED |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2838C |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C37D |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2632E |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26C93 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D27C39 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26DC9 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26EE9 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D25F92 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26F8D |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D268D1 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D269B1 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D259A7 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D289A8 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26951 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2595B |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28A90 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26A75 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28A15 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28BD1 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D25BF0 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D25BB1 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28B59 |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D26B4E |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2841D NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D284D9 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28498 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28441 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28551 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28663 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28621 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D28255 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2838C NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_00406471 push edi; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_00409011 push esp; retf |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_0040682F push esi; retf |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_0040A490 push ds; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_004079F6 push eax; retf |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_004055BF push ds; ret |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_00405ECC push ebp; ret |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_00407F27 push edi; ret |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_00407FBA push eax; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2747D pushfd ; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D27404 pushfd ; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D200CA push 5D54C3DCh; ret |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D29157 push E8BBB633h; retf 001Bh |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D24344 push 8122E3ECh; ret |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D27371 pushfd ; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D27368 pushfd ; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D21F01 push esi; ret |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D29B93 pushfd ; iretd |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | RDTSC instruction interceptor: First address: 0000000004D27C16 second address: 0000000004D27C16 instructions:
  0x00000000 rdtsc
  0x00000002 mov eax, B4901491h
  0x00000007 sub eax, 05E3F0C7h
  0x0000000c xor eax, 8F9A272Fh
  0x00000011 sub eax, 213604E4h
  0x00000016 cpuid
  0x00000018 popad
  0x00000019 call 00007F6BBC38AE6Dh
  0x0000001e lfence
  0x00000021 mov edx, 238EE826h
  0x00000026 sub edx, 0388C43Eh
  0x0000002c xor edx, E448541Bh
  0x00000032 xor edx, BBB077E7h
  0x00000038 mov edx, dword ptr [edx]
  0x0000003a lfence
  0x0000003d ret
  0x0000003e sub edx, esi
  0x00000040 ret
  0x00000041 pop ecx
  0x00000042 add edi, edx
  0x00000044 dec ecx
  0x00000045 mov dword ptr [ebp+00000229h], AD8B339Ah
  0x0000004f xor dword ptr [ebp+00000229h], 22419229h
  0x00000059 xor dword ptr [ebp+00000229h], 3996C157h
  0x00000063 sub dword ptr [ebp+00000229h], B65C60E4h
  0x0000006d cmp ecx, dword ptr [ebp+00000229h]
  0x00000073 jne 00007F6BBC38AD87h
  0x00000075 cmp cx, ax
  0x00000078 mov dword ptr [ebp+0000020Bh], ebx
  0x0000007e mov ebx, ecx
  0x00000080 push ebx
  0x00000081 mov ebx, dword ptr [ebp+0000020Bh]
  0x00000087 jmp 00007F6BBC38AE2Eh
  0x00000089 cmp dl, bl
  0x0000008b call 00007F6BBC38AE71h
  0x00000090 call 00007F6BBC38AE8Eh
  0x00000095 lfence
  0x00000098 mov edx, 238EE826h
  0x0000009d sub edx, 0388C43Eh
  0x000000a3 xor edx, E448541Bh
  0x000000a9 xor edx, BBB077E7h
  0x000000af mov edx, dword ptr [edx]
  0x000000b1 lfence
  0x000000b4 ret
  0x000000b5 mov esi, edx
  0x000000b7 pushad
  0x000000b8 rdtsc |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2B2F5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C259 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2C226 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D2ACF0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\pago12_14299038859.exe | Code function: 0_2_04D27A41 mov eax, dword ptr fs:[00000030h] |
Source: pago12_14299038859.exe, 00000000.00000002.1196704342.0000000000C40000.00000002.00020000.sdmp | Binary or memory string: Program Manager |
Source: pago12_14299038859.exe, 00000000.00000002.1196704342.0000000000C40000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd |
Source: pago12_14299038859.exe, 00000000.00000002.1196704342.0000000000C40000.00000002.00020000.sdmp | Binary or memory string: Progman |
Source: pago12_14299038859.exe, 00000000.00000002.1196704342.0000000000C40000.00000002.00020000.sdmp | Binary or memory string: Progmanlock |