String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html |
Source: file.exe, file.exe, 00000000.00000002.2470169805.000000006C61D000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: http://www.mozilla.com/en-US/blocklist/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3046738501.000002606E760000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm |
Source: file.exe, 00000000.00000002.2469773266.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456834295.000000001CBAA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.sqlite.org/copyright.html. |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://wwwsearch.sf.net/): |
Source: file.exe, 00000000.00000003.2070352427.0000000002687000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.riotgames.com/api/account/v1/user |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://account.riotgames.com/api/account/v1/userT |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://accounts.reddit.com/api/access_token |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://accounts.reddit.com/api/access_tokenaaccess_tokenuandroid:com.example.myredditapp:v1.2.3uBea |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/IPlayerService/GetOwnedGames/v1/?key=440D7F4D810EF9298D25EDDF37C1F902&s |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/IPlayerService/GetSteamLevel/v1/?key=440D7F4D810EF9298D25EDDF37C1F902&s |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=440D7F4D810EF9298D25EDDF37C1F9 |
Source: file.exe, 00000000.00000002.2443375443.0000000002657000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2464131529.0000000028D84000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. |
Source: file.exe, 00000000.00000002.2443375443.0000000002657000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2464131529.0000000028D84000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3091985685.000002606F17B000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3018700794.000002606F17A000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3072092053.000002606ED60000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://bugs.python.org/issue37179 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com/avatars/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.discordapp.com/avatars/u.pngu.gifuunsupported |
Source: file.exe, 00000000.00000003.2070352427.0000000002687000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: file.exe, 00000000.00000003.2070352427.0000000002687000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: file.exe, 00000000.00000003.2070352427.0000000002687000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: axplong.exe, 00000012.00000002.3270683057.0000000001578000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://coe.com.vn/ |
Source: axplong.exe, 00000012.00000002.3270683057.0000000001578000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000012.00000002.3270683057.000000000154A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://coe.com.vn/tmp/2.exe |
Source: axplong.exe, 00000012.00000002.3270683057.000000000154A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://coe.com.vn/tmp/2.exe9rl |
Source: axplong.exe, 00000012.00000002.3270683057.0000000001578000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://coe.com.vn/tmp/2.exePw;. |
Source: axplong.exe, 00000012.00000002.3270683057.0000000001578000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://coe.com.vn/tmp/2.exefdm |
Source: file.exe, 00000000.00000002.2443375443.0000000002657000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2464131529.0000000028D84000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg |
Source: file.exe, 00000000.00000002.2443375443.0000000002657000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2464131529.0000000028D84000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg |
Source: build.exe, 00000018.00000003.2773862520.0000020781E6D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3098111936.000002606F920000.00000004.00001000.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3098111936.000002606F9FC000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com/api/v8/guilds/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com/api/v8/guilds/u/invitesainvitesuhttps://discord.gg/acodeuhttps://t.me/monster_fr |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com/api/v8/users/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com/api/v9/users/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.gg/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3072092053.000002606ED60000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detection |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#character-set-detectionaDeprecationWarningD |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3091985685.000002606F17B000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3018700794.000002606F17A000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3072092053.000002606ED60000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-github-profile/customizi |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3048303310.000002606EA34000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3025477729.000002606E70F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.python.org/3.7/library/asyncio-eventloop.html |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3096267679.000002606F4A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSION |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.python.org/3/library/ssl.html#ssl.OP_NO_COMPRESSIONaset_default_verify_pathsuSSL |
Source: file.exe, 00000000.00000003.2070352427.0000000002687000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: file.exe, 00000000.00000003.2070352427.0000000002687000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: file.exe, 00000000.00000003.2070352427.0000000002687000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://economy.roblox.com/v1/users/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://filepreviews.io/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3093364671.000002606F235000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3020784420.000002606F235000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Ousret/charset_normalizer |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3091985685.000002606F17B000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3018700794.000002606F17A000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3072092053.000002606ED60000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/pyca/cryptography/issues |
Source: build.exe, 00000018.00000003.2773862520.0000020781E6D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/pyca/cryptography/issues/8996 |
Source: build.exe, 00000018.00000003.2773862520.0000020781E6D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/pyca/cryptography/issues/9253 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/1141) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/1158) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/1165) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/1172) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/1187) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/1200) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/1203) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3048303310.000002606EA34000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/136 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3048303310.000002606EA34000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/251 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3048303310.000002606EA34000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/issues/428 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python-attrs/attrs/wiki/Extensions-to-attrs) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3091985685.000002606F17B000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3018700794.000002606F17A000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3072092053.000002606ED60000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/python/cpython/pull/28073 |
Source: stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/sponsors/hynek |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/sponsors/hynek). |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gql.twitch.tv/gql |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://gql.twitch.tv/gqlT |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://hynek.me/articles/import-attrs/) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://i.instagram.com/api/v1/accounts/current_user/?edit=true |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://i.instagram.com/api/v1/accounts/current_user/?edit=trueuhttps://i.instagram.com/api/v1/users |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://i.instagram.com/api/v1/users/ |
Source: file.exe, 00000000.00000002.2464131529.0000000028D84000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://instagram.com/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3092540180.000002606F1A1000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3017617111.000002606F19E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://mahler:8092/site-updates.py |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://oauth.reddit.com/api/v1/me |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://oauth.reddit.com/api/v1/meuNo |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://open.spotify.com/user/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://open.spotify.com/user/u |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://packaging.python.org/specifications/entry-points/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://pypi.org/project/attrs/) |
Source: build.exe, 00000018.00000003.2773862520.0000020781AF5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://python.org/dev/peps/pep-0263/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://raw.githubusercontent.com/justforMonster/injection/main/injection.js |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://raw.githubusercontent.com/justforMonster/injection/main/injection.jsanulluMain.GetInjectionC |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://raw.githubusercontent.com/python-attrs/attrs/main/docs/_static/attrs_logo.svg |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://restores.name/log |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://restores.name/logaYMOVKJ1WAP6PFLQqz |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/questions/tagged/python-attrs) |
Source: stub.exe, 00000019.00000003.2837202724.000002606F460000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: stub.exe, 00000019.00000003.2837202724.000002606F460000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/monster_free_cloud |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://t.me/monster_free_cloud---------------------- |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://thumbnails.roblox.com/v1/users/avatar?userIds= |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3042192631.000002606C756000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi |
Source: stub.exe, 00000019.00000003.3023690982.000002606C72A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=referral&utm_campa |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://tiktok.com/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://twitter.com |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://twitter.com/ |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://twitter.com/home |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.json |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://twitter.com/i/api/1.1/account/update_profile.jsonareqadescriptionuThere |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://twitter.com/u |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://twitter.comarefereruhttps://twitter.com/homeusec-fetch-destaemptyusec-fetch-modeacorsusec-fe |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Source: unknown |
Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe" |
|
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIDBGHDGHCG.exe" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe "C:\Users\user\AppData\RoamingIDBGHDGHCG.exe" |
|
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userGCAFCAFHJJ.exe" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\userGCAFCAFHJJ.exe "C:\Users\userGCAFCAFHJJ.exe" |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" |
|
Source: C:\Users\user\Desktop\file.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 2260 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" |
|
Source: unknown |
Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
|
Source: unknown |
Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Process created: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe "C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 1040 |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Process created: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe "C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Process created: C:\Users\user\AppData\Local\Temp\1000001001\build.exe "C:\Users\user\AppData\Local\Temp\1000001001\build.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Process created: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe "C:\Users\user\AppData\Local\Temp\1000001001\build.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\tasklist.exe tasklist |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Process created: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe "C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid |
|
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
|
Source: unknown |
Process created: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe "C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Process created: C:\Users\user\AppData\Local\Temp\1000003001\5447jsX.exe "C:\Users\user\AppData\Local\Temp\1000003001\5447jsX.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\1000003001\5447jsX.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\MonsterUpdateService\Monster.exe"" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\MonsterUpdateService\Monster.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('%error_message%', 0, 'System Error', 0+16);close()"" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe |
|
Source: C:\Users\user\AppData\Local\Temp\1000003001\5447jsX.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 1320 |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "chcp" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "chcp" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\chcp.com chcp |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\chcp.com chcp |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Process created: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe "C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\systeminfo.exe systeminfo |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\systeminfo.exe |
Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\HOSTNAME.EXE hostname |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msimg32.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msvcr100.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: dpapi.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mozglue.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wsock32.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: vcruntime140.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msvcp140.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: vcruntime140.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: propsys.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: edputil.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.staterepositoryps.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: appresolver.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: slc.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: userenv.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sppc.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: onecorecommonproxystub.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: onecoreuapcommonproxystub.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: pcacli.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mpr.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Section loaded: sfc_os.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: mstask.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: mpr.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: dui70.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: duser.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: chartv.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: onecoreuapcommonproxystub.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: oleacc.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: atlthunk.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: textinputframework.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: coreuicomponents.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: coremessaging.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: wtsapi32.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: winsta.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: textshaping.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: propsys.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: windows.staterepositoryps.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: windows.fileexplorer.common.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: explorerframe.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: edputil.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: appresolver.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: slc.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: userenv.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: sppc.dll |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Section loaded: onecorecommonproxystub.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: mstask.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: mpr.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: dui70.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: duser.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: chartv.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: onecoreuapcommonproxystub.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: oleacc.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: atlthunk.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: textinputframework.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: coreuicomponents.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: coremessaging.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: coremessaging.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: wtsapi32.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: winsta.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: textshaping.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: propsys.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: explorerframe.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: windows.staterepositoryps.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: windows.fileexplorer.common.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: edputil.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: appresolver.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: slc.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: userenv.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: sppc.dll |
|
Source: C:\Users\userGCAFCAFHJJ.exe |
Section loaded: onecorecommonproxystub.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: propsys.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: edputil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: windows.staterepositoryps.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: appresolver.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: slc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: userenv.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: sppc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: onecorecommonproxystub.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: onecoreuapcommonproxystub.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: dnsapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: rasadhlp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: fwpuclnt.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: schannel.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: mskeyprotect.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: msasn1.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: dpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: gpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Section loaded: ncryptsslp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: propsys.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: edputil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: windows.staterepositoryps.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: appresolver.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: slc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: userenv.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: sppc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: onecorecommonproxystub.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: onecoreuapcommonproxystub.dll |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: msimg32.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: msvcr100.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: version.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: wsock32.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: winmm.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: mpr.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: userenv.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: shfolder.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: propsys.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: edputil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: windows.staterepositoryps.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: wintypes.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: appresolver.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: slc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: sppc.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: onecorecommonproxystub.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: onecoreuapcommonproxystub.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: pcacli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Section loaded: sfc_os.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: propsys.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: windows.fileexplorer.common.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: ntshrui.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: cscapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000001001\build.exe |
Section loaded: windows.staterepositoryps.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: python310.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: version.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: vcruntime140.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: libffi-7.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: sqlite3.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: python3.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: libcrypto-1_1.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: libssl-1_1.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: libcrypto-1_1.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: dnsapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: rasadhlp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: fwpuclnt.dll |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: mpr.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: framedynos.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: dbghelp.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: winsta.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: framedynos.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: msxml6.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: vcruntime140.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: vcruntime140_1.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: vbscript.dll |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Section loaded: sxs.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: version.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dwrite.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msvcp140_clr0400.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: textshaping.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: textinputframework.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: coreuicomponents.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: coremessaging.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: coremessaging.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wintypes.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wintypes.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windowscodecs.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: winhttp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: msimg32.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: msvcr100.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: sspicli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: wininet.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: iertutil.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: wldp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: profapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: mswsock.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: winnsi.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: urlmon.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: srvcli.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Section loaded: netutils.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000003001\5447jsX.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000003001\5447jsX.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\attrib.exe |
Section loaded: ulib.dll |
|
Source: C:\Windows\System32\attrib.exe |
Section loaded: fsutilext.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: mpr.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: framedynos.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: dbghelp.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: winsta.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\taskkill.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: rstrtmgr.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ncrypt.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntasn1.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ondemandconnroutehelper.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winhttp.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mswsock.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: winnsi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mozglue.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: wsock32.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: vcruntime140.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: msvcp140.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: windowscodecs.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: mpr.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: framedynos.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: dbghelp.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: winsta.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\tasklist.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: edputil.dll |
|
Source: C:\Windows\System32\chcp.com |
Section loaded: ulib.dll |
|
Source: C:\Windows\System32\chcp.com |
Section loaded: fsutilext.dll |
|
Source: C:\Windows\System32\chcp.com |
Section loaded: ulib.dll |
|
Source: C:\Windows\System32\chcp.com |
Section loaded: fsutilext.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe |
Section loaded: apphelp.dll |
|
Source: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: fastprox.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ncobjapi.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Section loaded: esscli.dll |
|
Source: C:\Windows\System32\netsh.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\System32\netsh.exe |
Section loaded: ifmon.dll |
|
Source: C:\Windows\System32\netsh.exe |
Section loaded: iphlpapi.dll |
|
Source: C:\Users\user\Desktop\file.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\userGCAFCAFHJJ.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\taskkill.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\systeminfo.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\netsh.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\wbem\WMIC.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 34EC2C second address: 34EC30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4B5778 second address: 4B5795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0950FC2081h 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4B5795 second address: 4B57BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0950EB8E50h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0950EB8E4Fh 0x00000014 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4B57BE second address: 4B57CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4E4336 second address: 4E4348 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0950EB8E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jno 00007F0950EB8E48h 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4E4348 second address: 4E434E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4E4496 second address: 4E449A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4B21F8 second address: 4B21FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4EFA44 second address: 4EFA48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4EFA48 second address: 4EFA68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0950FC2085h 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4EFC20 second address: 4EFC24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4EFC24 second address: 4EFC2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4EFC2A second address: 4EFC2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F0044 second address: 4F0070 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F0950FC208Eh 0x0000000f push edx 0x00000010 pop edx 0x00000011 jmp 00007F0950FC2086h 0x00000016 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F0070 second address: 4F0076 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F01F4 second address: 4F0206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F0950FC2078h 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F0206 second address: 4F021C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F0950EB8E4Eh 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F021C second address: 4F0226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0950FC2076h 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F0226 second address: 4F022A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F247E second address: 4F24A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F0950FC2089h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push ebx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F2632 second address: 4F263A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F263A second address: 4F263E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F263E second address: 4F264B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F264B second address: 4F264F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F2AF9 second address: 4F2B0A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0950EB8E48h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F2B0A second address: 4F2B10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F2B10 second address: 4F2B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F2C85 second address: 4F2CAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0950FC2080h 0x00000012 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F31D1 second address: 4F31FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebx 0x0000000d mov edi, esi 0x0000000f mov edi, dword ptr [ebp+12447145h] 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0950EB8E4Fh 0x0000001f rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F31FA second address: 4F320C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F33C8 second address: 4F33CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F4BA1 second address: 4F4BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F4BA5 second address: 4F4BD9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0950EB8E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F0950EB8E57h 0x00000010 pop esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F0950EB8E4Eh 0x00000019 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F4BD9 second address: 4F4BDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F4BDF second address: 4F4BF5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F0950EB8E4Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F525C second address: 4F5262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F5262 second address: 4F5267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F83FD second address: 4F8402 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F65D7 second address: 4F65DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F973F second address: 4F9743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4F9743 second address: 4F9747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4FA202 second address: 4FA206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4FACD6 second address: 4FACDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4FA206 second address: 4FA21B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4FB8D0 second address: 4FB8D5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4B8EB1 second address: 4B8EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4B8EB7 second address: 4B8EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50287C second address: 502881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 502881 second address: 50288B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0950EB8E4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5036CC second address: 5036E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0950FC207Ah 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5029E2 second address: 5029E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5036E1 second address: 503748 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a call 00007F0950FC2086h 0x0000000f call 00007F0950FC207Bh 0x00000014 mov ebx, dword ptr [ebp+122D392Eh] 0x0000001a pop edi 0x0000001b pop edi 0x0000001c push 00000000h 0x0000001e add bx, 49E2h 0x00000023 push 00000000h 0x00000025 jmp 00007F0950FC2087h 0x0000002a push eax 0x0000002b push edi 0x0000002c jc 00007F0950FC207Ch 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5029E6 second address: 5029EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50391A second address: 503920 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 503920 second address: 503947 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F0950EB8E5Ch 0x00000011 jmp 00007F0950EB8E56h 0x00000016 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 504979 second address: 50497F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 505810 second address: 505814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50497F second address: 504984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50779B second address: 50779F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50779F second address: 50781E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0950FC2082h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f mov di, dx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F0950FC2078h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e xor dword ptr [ebp+122D1AEEh], edi 0x00000034 mov edi, dword ptr [ebp+122D39DAh] 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D3902h] 0x00000042 jmp 00007F0950FC207Dh 0x00000047 xchg eax, esi 0x00000048 jmp 00007F0950FC2089h 0x0000004d push eax 0x0000004e push eax 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 509715 second address: 509732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0950EB8E58h 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 509732 second address: 509797 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F0950FC2083h 0x0000000f xor edi, 6C866231h 0x00000015 push 00000000h 0x00000017 mov ebx, edi 0x00000019 push 00000000h 0x0000001b mov bx, ax 0x0000001e xchg eax, esi 0x0000001f push edi 0x00000020 push edi 0x00000021 jmp 00007F0950FC207Bh 0x00000026 pop edi 0x00000027 pop edi 0x00000028 push eax 0x00000029 pushad 0x0000002a jnl 00007F0950FC208Dh 0x00000030 push eax 0x00000031 push edx 0x00000032 push edx 0x00000033 pop edx 0x00000034 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50890B second address: 508910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 508910 second address: 508932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0950FC2087h 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 508932 second address: 50893D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F0950EB8E46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50A772 second address: 50A78B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F0950FC2076h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007F0950FC207Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50A78B second address: 50A78F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5098F4 second address: 5098F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50A78F second address: 50A799 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F0950EB8E46h 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50A799 second address: 50A7EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jc 00007F0950FC207Bh 0x0000000f mov edi, 46575ED7h 0x00000014 push 00000000h 0x00000016 pushad 0x00000017 adc di, DC67h 0x0000001c jns 00007F0950FC2076h 0x00000022 popad 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007F0950FC2078h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 0000001Bh 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f mov dword ptr [ebp+12448D69h], edi 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50A7EE second address: 50A7F8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0950EB8E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50B5DB second address: 50B5DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50B5DF second address: 50B5E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50B5E3 second address: 50B60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F0950FC2086h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jo 00007F0950FC2080h 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50D4D7 second address: 50D4DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50D4DB second address: 50D4E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50F5F9 second address: 50F607 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F0950EB8E46h 0x0000000e rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50F607 second address: 50F60B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 50E851 second address: 50E857 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5197C5 second address: 5197D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0950FC2076h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5197D1 second address: 5197D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 51993B second address: 519950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F0950FC2076h 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 519950 second address: 519956 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 519956 second address: 519960 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 519960 second address: 519964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 519C20 second address: 519C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 51FCB4 second address: 51FCB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 51FCB8 second address: 51FCBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 51FCBC second address: 51FCF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jne 00007F0950EB8E54h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0950EB8E58h 0x0000001a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 51FCF7 second address: 51FD13 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0950FC2076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e jmp 00007F0950FC207Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 54FD8C second address: 54FD9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 54FD9A second address: 54FDB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0950FC2089h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 550087 second address: 550095 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F0950EB8E4Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 550095 second address: 55009F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55009F second address: 5500A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5500A8 second address: 5500C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2086h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5500C2 second address: 5500CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0950EB8E46h 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5500CC second address: 5500E4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0950FC2076h 0x00000008 jno 00007F0950FC2076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F0950FC2076h 0x00000018 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 554499 second address: 5544B1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F0950EB8E50h 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 553D40 second address: 553D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0950FC2083h 0x0000000c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 553ECA second address: 553ED6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0950EB8E46h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 553ED6 second address: 553EEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jng 00007F0950FC2076h 0x0000000b popad 0x0000000c je 00007F0950FC2082h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 553EEA second address: 553EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 553EF0 second address: 553F08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0950FC207Eh 0x0000000f rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 553F08 second address: 553F22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F0950EB8E52h 0x0000000c pop edi 0x0000000d rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55B1C2 second address: 55B1C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55B1C6 second address: 55B1FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0950EB8E46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jno 00007F0950EB8E46h 0x00000016 js 00007F0950EB8E46h 0x0000001c jmp 00007F0950EB8E58h 0x00000021 popad 0x00000022 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55C53A second address: 55C540 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55C540 second address: 55C546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55CA9D second address: 55CAAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F0950FC2076h 0x0000000e rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55CAAB second address: 55CAD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F0950EB8E48h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55CAD5 second address: 55CAE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55CAE3 second address: 55CB12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F0950EB8E5Ch 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f jg 00007F0950EB8E46h 0x00000015 pop ecx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 55CB12 second address: 55CB1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 561A53 second address: 561A8A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0950EB8E4Eh 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0950EB8E51h 0x00000015 push ebx 0x00000016 ja 00007F0950EB8E46h 0x0000001c jnp 00007F0950EB8E46h 0x00000022 pop ebx 0x00000023 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565BC6 second address: 565BE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2088h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565BE2 second address: 565BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007F0950EB8E46h 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0950EB8E4Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565BFD second address: 565C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565C02 second address: 565C09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565C09 second address: 565C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565C14 second address: 565C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565C1A second address: 565C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565C1E second address: 565C22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 564CDD second address: 564CEE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jne 00007F0950FC2076h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565171 second address: 5651AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F0950EB8E58h 0x0000000f ja 00007F0950EB8E4Ch 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56562F second address: 565647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0950FC2084h 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 565647 second address: 56564D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5658D1 second address: 5658D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5658D7 second address: 5658E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 570106 second address: 570123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F0950FC2076h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0950FC207Eh 0x00000014 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 570123 second address: 570136 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0950EB8E46h 0x00000008 jno 00007F0950EB8E46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 570136 second address: 57013C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56E283 second address: 56E2B4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0950EB8E4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jbe 00007F0950EB8E4Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0950EB8E50h 0x00000018 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56E2B4 second address: 56E2BE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0950FC2076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56E9C1 second address: 56E9E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E50h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F0950EB8E4Ah 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56ECBB second address: 56ECDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0950FC2087h 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56ECDA second address: 56ECDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56ECDE second address: 56ECFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0950FC2083h 0x0000000e push ebx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56ECFE second address: 56ED08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0950EB8E46h 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56EE5A second address: 56EE5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56EE5F second address: 56EE72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b jc 00007F0950EB8E46h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56EE72 second address: 56EE82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56EE82 second address: 56EE8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56EE8A second address: 56EE8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56F151 second address: 56F15F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0950EB8E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56DE0C second address: 56DE1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 ja 00007F0950FC2076h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56DE1A second address: 56DE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56DE26 second address: 56DE2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56DE2A second address: 56DE32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56DE32 second address: 56DE55 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0950FC208Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56DE55 second address: 56DE5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 56DE5D second address: 56DE63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 576DBA second address: 576DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 583A87 second address: 583A98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 583729 second address: 583790 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0950EB8E46h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F0950EB8E54h 0x00000011 jmp 00007F0950EB8E4Ch 0x00000016 popad 0x00000017 js 00007F0950EB8E8Fh 0x0000001d jg 00007F0950EB8E60h 0x00000023 pushad 0x00000024 popad 0x00000025 jmp 00007F0950EB8E58h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0950EB8E52h 0x00000031 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 596EF5 second address: 596F14 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnl 00007F0950FC2076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F0950FC207Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 596F14 second address: 596F18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 596F18 second address: 596F38 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0950FC2076h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F0950FC207Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007F0950FC2076h 0x0000001b rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 596F38 second address: 596F3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 596F3C second address: 596F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 596F46 second address: 596F55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E4Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59EBCC second address: 59EBFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2086h 0x00000007 jmp 00007F0950FC207Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59D42D second address: 59D43F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007F0950EB8E48h 0x0000000b push ebx 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59D6F8 second address: 59D72F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0950FC2088h 0x00000008 jmp 00007F0950FC2085h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59D72F second address: 59D733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59D901 second address: 59D922 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2085h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F0950FC2076h 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59D922 second address: 59D932 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59D932 second address: 59D938 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59DC30 second address: 59DC46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0950EB8E50h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 59DDE5 second address: 59DDEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5A67BE second address: 5A67C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5A67C2 second address: 5A67E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0950FC2086h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5A67E1 second address: 5A67F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0950EB8E4Eh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5ADC22 second address: 5ADC36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5ADC36 second address: 5ADC3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5ADABC second address: 5ADAC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5B2270 second address: 5B2276 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5B2144 second address: 5B2148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 5B2148 second address: 5B2157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 je 00007F0950EB8E46h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C6017E second address: 4C601AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F0950EB8E56h 0x0000000f mov ebx, dword ptr [ebp+10h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ecx, edx 0x00000017 mov esi, ebx 0x00000019 popad 0x0000001a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C601AF second address: 4C601F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edx, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b jmp 00007F0950FC2088h 0x00000010 push eax 0x00000011 pushad 0x00000012 mov si, bx 0x00000015 mov ebx, 7D8BC180h 0x0000001a popad 0x0000001b xchg eax, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F0950FC2082h 0x00000023 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C601F2 second address: 4C601F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C601F8 second address: 4C601FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C601FC second address: 4C60221 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0950EB8E4Dh 0x00000015 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60221 second address: 4C60226 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60226 second address: 4C6028E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 mov edi, eax 0x0000000b pushfd 0x0000000c jmp 00007F0950EB8E4Eh 0x00000011 adc ecx, 561FB488h 0x00000017 jmp 00007F0950EB8E4Bh 0x0000001c popfd 0x0000001d popad 0x0000001e mov dword ptr [esp], edi 0x00000021 jmp 00007F0950EB8E56h 0x00000026 test esi, esi 0x00000028 pushad 0x00000029 mov cl, 4Ch 0x0000002b movsx ebx, cx 0x0000002e popad 0x0000002f je 00007F09C31771E6h 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F0950EB8E51h 0x0000003c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C6028E second address: 4C60308 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 jmp 00007F0950FC207Eh 0x00000015 je 00007F09C32803E9h 0x0000001b jmp 00007F0950FC2080h 0x00000020 mov edx, dword ptr [esi+44h] 0x00000023 jmp 00007F0950FC2080h 0x00000028 or edx, dword ptr [ebp+0Ch] 0x0000002b jmp 00007F0950FC2080h 0x00000030 test edx, 61000000h 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F0950FC207Ah 0x0000003f rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60308 second address: 4C60317 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60317 second address: 4C6031D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C6031D second address: 4C60321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60321 second address: 4C6033B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F09C32803D5h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0950FC207Ah 0x00000015 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C6033B second address: 4C60341 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60341 second address: 4C60345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60345 second address: 4C60349 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60349 second address: 4C60380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F0950FC2082h 0x00000015 sub ch, 00000028h 0x00000018 jmp 00007F0950FC207Bh 0x0000001d popfd 0x0000001e mov ecx, 77E9AA1Fh 0x00000023 popad 0x00000024 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60380 second address: 4C60386 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C507A7 second address: 4C507B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0950FC207Eh 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C507B9 second address: 4C507CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0950EB8E4Ah 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C507CE second address: 4C50821 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 mov ax, di 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e pushad 0x0000000f mov cx, bx 0x00000012 mov eax, edx 0x00000014 popad 0x00000015 and esp, FFFFFFF8h 0x00000018 pushad 0x00000019 mov eax, edx 0x0000001b movsx ebx, cx 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 jmp 00007F0950FC207Ch 0x00000025 push eax 0x00000026 pushad 0x00000027 mov bx, C174h 0x0000002b mov si, dx 0x0000002e popad 0x0000002f xchg eax, ebx 0x00000030 jmp 00007F0950FC207Fh 0x00000035 xchg eax, esi 0x00000036 pushad 0x00000037 push esi 0x00000038 mov edi, 0F7E51E6h 0x0000003d pop edx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C50821 second address: 4C50833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 movsx edi, ax 0x0000000c mov ecx, 4EB507E9h 0x00000011 popad 0x00000012 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C50833 second address: 4C50867 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edi, 7FA081F6h 0x00000012 jmp 00007F0950FC2087h 0x00000017 popad 0x00000018 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C50867 second address: 4C5088C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C5088C second address: 4C508D7 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0950FC2088h 0x00000008 sbb ecx, 253CCCA8h 0x0000000e jmp 00007F0950FC207Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov ah, D7h 0x00000018 popad 0x00000019 mov ebx, 00000000h 0x0000001e pushad 0x0000001f mov cl, 3Dh 0x00000021 movsx edx, cx 0x00000024 popad 0x00000025 test esi, esi 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov edx, 44C7A352h 0x0000002f pushad 0x00000030 popad 0x00000031 popad 0x00000032 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C508D7 second address: 4C50940 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F09C317E8E3h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F0950EB8E4Dh 0x00000018 jmp 00007F0950EB8E4Bh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F0950EB8E58h 0x00000024 adc ecx, 18779EF8h 0x0000002a jmp 00007F0950EB8E4Bh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C50940 second address: 4C5099D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 jmp 00007F0950FC2080h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e cmp dword ptr [esi+08h], DDEEDDEEh 0x00000015 jmp 00007F0950FC2080h 0x0000001a mov ecx, esi 0x0000001c jmp 00007F0950FC2080h 0x00000021 je 00007F09C3287A97h 0x00000027 pushad 0x00000028 mov eax, ebx 0x0000002a popad 0x0000002b test byte ptr [76FA6968h], 00000002h 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 mov ch, FDh 0x00000037 mov di, 0F00h 0x0000003b popad 0x0000003c rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C5099D second address: 4C509A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, dx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C509A5 second address: 4C509CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jne 00007F09C3287A80h 0x0000000d jmp 00007F0950FC207Dh 0x00000012 mov edx, dword ptr [ebp+0Ch] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov edi, 0F1C52DEh 0x0000001d movsx ebx, si 0x00000020 popad 0x00000021 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C509CE second address: 4C509D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C509D4 second address: 4C509D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C509D8 second address: 4C50A57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0950EB8E54h 0x00000013 xor ecx, 178C1208h 0x00000019 jmp 00007F0950EB8E4Bh 0x0000001e popfd 0x0000001f jmp 00007F0950EB8E58h 0x00000024 popad 0x00000025 push eax 0x00000026 jmp 00007F0950EB8E4Bh 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F0950EB8E55h 0x00000033 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C50B43 second address: 4C50BB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0950FC2087h 0x00000009 sub cx, 454Eh 0x0000000e jmp 00007F0950FC2089h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F0950FC2080h 0x0000001a xor si, 59C8h 0x0000001f jmp 00007F0950FC207Bh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 pop ebx 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0950FC2082h 0x00000031 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C50BB8 second address: 4C50BBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60C17 second address: 4C60CC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F0950FC207Ch 0x00000011 and eax, 383BC148h 0x00000017 jmp 00007F0950FC207Bh 0x0000001c popfd 0x0000001d mov edx, eax 0x0000001f popad 0x00000020 push eax 0x00000021 pushad 0x00000022 push edi 0x00000023 mov bl, ch 0x00000025 pop ebx 0x00000026 pushfd 0x00000027 jmp 00007F0950FC2088h 0x0000002c xor ch, FFFFFFD8h 0x0000002f jmp 00007F0950FC207Bh 0x00000034 popfd 0x00000035 popad 0x00000036 xchg eax, ebp 0x00000037 pushad 0x00000038 call 00007F0950FC2084h 0x0000003d pushfd 0x0000003e jmp 00007F0950FC2082h 0x00000043 sbb cl, 00000068h 0x00000046 jmp 00007F0950FC207Bh 0x0000004b popfd 0x0000004c pop eax 0x0000004d mov dx, F0ACh 0x00000051 popad 0x00000052 mov ebp, esp 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 popad 0x0000005a rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60CC5 second address: 4C60CE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60CE1 second address: 4C60CE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CE0AD3 second address: 4CE0B0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 pushfd 0x00000007 jmp 00007F0950EB8E4Dh 0x0000000c jmp 00007F0950EB8E4Bh 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F0950EB8E55h 0x0000001d rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CE0B0E second address: 4CE0B45 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0950FC2081h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0950FC207Dh 0x00000017 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CE0B45 second address: 4CE0B62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CE0B62 second address: 4CE0B75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CE0B75 second address: 4CE0B7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CD0EBA second address: 4CD0ECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0950FC207Eh 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CD0ECC second address: 4CD0EDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CD0EDC second address: 4CD0EE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CD0EE0 second address: 4CD0EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CD0EE6 second address: 4CD0F00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, 2D86h 0x00000011 mov dl, 9Ch 0x00000013 popad 0x00000014 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CD0DB1 second address: 4CD0DB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60F1A second address: 4C60F1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60F1E second address: 4C60F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60F24 second address: 4C60F37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0950FC207Fh 0x00000009 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60F37 second address: 4C60F90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950EB8E59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov cx, bx 0x00000014 pushfd 0x00000015 jmp 00007F0950EB8E4Fh 0x0000001a sub eax, 0EDA67BEh 0x00000020 jmp 00007F0950EB8E59h 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60F90 second address: 4C60FAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC2081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4C60FAD second address: 4C60FB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\user\AppData\RoamingIDBGHDGHCG.exe |
RDTSC instruction interceptor: First address: 4CE0366 second address: 4CE03DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0950FC2087h 0x00000009 and esi, 7BD17A8Eh 0x0000000f jmp 00007F0950FC2089h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F0950FC2080h 0x0000001b and ax, 8508h 0x00000020 jmp 00007F0950FC207Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F0950FC2085h 0x00000031 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 3CF1D2 second address: 3CF1D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 5501B4 second address: 5501C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 ja 00007F0950FC2076h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 54F63D second address: 54F645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 54F7DA second address: 54F7E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 54F7E0 second address: 54F7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 54F7E6 second address: 54F7F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0950FC207Bh 0x00000009 popad 0x0000000a rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 54FAC0 second address: 54FAC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 551458 second address: 55146B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0950FC207Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 55146B second address: 551482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0950EB8E53h 0x00000009 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 551482 second address: 5514C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0950FC2089h 0x0000000e nop 0x0000000f jng 00007F0950FC2076h 0x00000015 push 00000000h 0x00000017 mov ecx, dword ptr [ebp+122D3925h] 0x0000001d mov dx, 5500h 0x00000021 push F761C4B2h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 push esi 0x0000002a pop esi 0x0000002b push esi 0x0000002c pop esi 0x0000002d popad 0x0000002e rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 5514C4 second address: 55156A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0950EB8E4Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 089E3BCEh 0x00000011 mov si, CE8Eh 0x00000015 push 00000003h 0x00000017 push 00000000h 0x00000019 cld 0x0000001a push 00000003h 0x0000001c jns 00007F0950EB8E62h 0x00000022 call 00007F0950EB8E49h 0x00000027 jmp 00007F0950EB8E4Fh 0x0000002c push eax 0x0000002d pushad 0x0000002e pushad 0x0000002f pushad 0x00000030 popad 0x00000031 jmp 00007F0950EB8E4Ch 0x00000036 popad 0x00000037 pushad 0x00000038 jmp 00007F0950EB8E4Bh 0x0000003d pushad 0x0000003e popad 0x0000003f popad 0x00000040 popad 0x00000041 mov eax, dword ptr [esp+04h] 0x00000045 jl 00007F0950EB8E4Ah 0x0000004b push eax 0x0000004c pushad 0x0000004d popad 0x0000004e pop eax 0x0000004f mov eax, dword ptr [eax] 0x00000051 push edx 0x00000052 push eax 0x00000053 jg 00007F0950EB8E46h 0x00000059 pop eax 0x0000005a pop edx 0x0000005b mov dword ptr [esp+04h], eax 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 jg 00007F0950EB8E46h 0x00000069 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 55156A second address: 551570 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc |
Source: C:\Users\userGCAFCAFHJJ.exe |
RDTSC instruction interceptor: First address: 5516E1 second address: 5516E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 2012 Server Standard without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: #Windows 10 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3282714744.0000000001E4E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V (core) |
Source: stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V Volume Shadow Copy Requestor |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696428655 |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: vmware |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696428655 |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Essential Server Solutions without Hyper-V |
Source: stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V PowerShell Direct Service |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: "Windows 8 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696428655f |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Microsoft Hyper-V Server |
Source: stub.exe, 00000019.00000003.3016768492.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3014173409.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3002278553.000002606F473000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2988153464.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3020050954.000002606F47E000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3096155859.000002606F484000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V Remote Desktop Virtualization Service |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Server Standard without Hyper-V (core) |
Source: stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SERVICE_NAME: vmicvss |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~ |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696428655 |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Microsoft Hyper-V Server |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696428655j |
Source: 342db65350.exe, 00000017.00000002.3265664089.0000000000326000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: ]DLL_Loader_VirtualMachine |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: /Windows 2012 R2 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: )Windows 8 Server Standard without Hyper-V |
Source: RoamingIDBGHDGHCG.exe, 00000005.00000002.2246869524.00000000004C7000.00000040.00000001.01000000.00000009.sdmp, userGCAFCAFHJJ.exe, 00000008.00000002.2316247776.0000000000557000.00000040.00000001.01000000.0000000B.sdmp, explorti.exe, 00000009.00000002.2282977099.0000000000F37000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000D.00000002.2288956274.0000000000F37000.00000040.00000001.01000000.0000000D.sdmp, axplong.exe, 0000000F.00000002.2362284017.0000000000477000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000012.00000002.3265021970.0000000000477000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000013.00000002.3264864901.0000000000F37000.00000040.00000001.01000000.0000000D.sdmp |
Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please, |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: ,Windows 2012 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696428655d |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000002.2443375443.0000000002657000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443375443.0000000002607000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000012.00000002.3270683057.0000000001578000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000012.00000002.3270683057.000000000154A000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000013.00000002.3270790823.0000000001885000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000013.00000002.3270790823.0000000001858000.00000004.00000020.00020000.00000000.sdmp, 97a671ae5d.exe, 00000014.00000002.2744968028.0000000002666000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696428655u |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V (core) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvmtoolsd.exeuvmwaretray.exeuvmacthlp.exeuvboxtray.exeuvboxservice.exeuvmsrvc.exeuprl_tools.exeuxenservice.exeuAntiVM.CheckProcessT |
Source: stub.exe, 00000019.00000003.3016768492.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3014173409.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3002278553.000002606F473000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2988153464.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3020050954.000002606F47E000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3096155859.000002606F484000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V Time Synchronization Service |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696428655t |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655 |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core) |
Source: 97a671ae5d.exe, 00000014.00000002.2744921977.00000000025FD000.00000040.00000020.00020000.00000000.sdmp |
Binary or memory string: VMwareVMware |
Source: stub.exe, 00000019.00000003.3016768492.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3014173409.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3002278553.000002606F473000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2988153464.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3020050954.000002606F47E000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3096155859.000002606F484000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V Guest Shutdown Service |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvmusrvc.exe |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655x |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V (core) |
Source: userGCAFCAFHJJ.exe, 00000008.00000003.2275354382.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvmtoolsd.exe |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: xVBoxService.exe |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696428655} |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655 |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvmwaretray.exe |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V (core) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696428655} |
Source: stub.exe, 00000019.00000002.3098957207.000002606FD82000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3098891403.000002606FC92000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3282714744.0000000001E4E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: VMWare |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvboxtray.exe |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: #Windows 11 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full) |
Source: stub.exe, 00000019.00000002.3098957207.000002606FD82000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: *Hyper-V Administrators |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 2016 Server Standard without Hyper-V (core) |
Source: 97a671ae5d.exe, 00000014.00000002.2744968028.0000000002617000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWh |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: aqemu |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Microsoft Hyper-V Server |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: avirtualboxavmwareuAntiVM.CheckGpuadecoded_outputu<genexpr>uAntiVM.CheckGpu.<locals>.<genexpr>L |
Source: stub.exe, 00000019.00000003.3025477729.000002606E70F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW` |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 0Windows 8 Server Standard without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 6Windows 8.1 Essential Server Solutions without Hyper-V |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696428655o |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 4Windows 8 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: stub.exe, 00000019.00000003.3016768492.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3014173409.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3002278553.000002606F473000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2988153464.000002606F47C000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3020050954.000002606F47E000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000002.3096155859.000002606F484000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V Data Exchange Service |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2016 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696428655x |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: RoamingIDBGHDGHCG.exe, RoamingIDBGHDGHCG.exe, 00000005.00000002.2246869524.00000000004C7000.00000040.00000001.01000000.00000009.sdmp, userGCAFCAFHJJ.exe, userGCAFCAFHJJ.exe, 00000008.00000002.2316247776.0000000000557000.00000040.00000001.01000000.0000000B.sdmp, explorti.exe, explorti.exe, 00000009.00000002.2282977099.0000000000F37000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000D.00000002.2288956274.0000000000F37000.00000040.00000001.01000000.0000000D.sdmp, axplong.exe, 0000000F.00000002.2362284017.0000000000477000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000012.00000002.3265021970.0000000000477000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000013.00000002.3264864901.0000000000F37000.00000040.00000001.01000000.0000000D.sdmp |
Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__ |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 11 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Server Standard without Hyper-V |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvboxservice.exe |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uqemu-ga.exe |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvmsrvc.exe |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: cvmware |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Essential Server Solutions without Hyper-V |
Source: stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SERVICE_NAME: vmicheartbeat |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696428655t |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Hyper-V (guest) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655 |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696428655s |
Source: stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SERVICE_NAME: vmicshutdown |
Source: 342db65350.exe, 00000017.00000002.3265664089.0000000000326000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: ~VirtualMachineTypes |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696428655 |
Source: 342db65350.exe, 00000017.00000002.3265664089.0000000000326000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Server Standard without Hyper-V |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h |
Source: 342db65350.exe, 00000017.00000002.3339226587.0000000006443000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\] |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: %Windows 2012 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: $Windows 8.1 Microsoft Hyper-V Server |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 10 Server Datacenter without Hyper-V (full) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655 |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696428655 |
Source: stub.exe, 00000019.00000002.3093364671.000002606F235000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3020784420.000002606F235000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V Heartbeat Service |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uvmwareuser.exe |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 8Windows 2012 R2 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 R2 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 7Windows 2012 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Server Enterprise without Hyper-V (full) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: avmware |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: %Windows 2016 Microsoft Hyper-V Server |
Source: RoamingIDBGHDGHCG.exe, 00000005.00000002.2248551949.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\ |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: +Windows 8.1 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Server Standard without Hyper-V |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: asandboxacuckooavmavirtualaqemuavboxaxenanodeuAntiVM.CheckHostNameT |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696428655] |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Server Enterprise without Hyper-V (core) |
Source: stub.exe, 00000019.00000002.3093364671.000002606F235000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.3020784420.000002606F235000.00000004.00000020.00020000.00000000.sdmp, stub.exe, 00000019.00000003.2980692355.000002606FD93000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: DISPLAY_NAME: Hyper-V Guest Service Interface |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 11 Server Datacenter without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655 |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 10 Server Enterprise without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full) |
Source: file.exe, 00000000.00000003.2082844403.0000000028D2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^ |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: *Windows 11 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: ,Windows 2016 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 8 Server Datacenter without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2016 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: VBoxService.exe |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: cVMware |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: *Windows 10 Server Standard without Hyper-V |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 1Windows 11 Server Standard without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 1Windows 10 Server Standard without Hyper-V (core) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Server Enterprise without Hyper-V (full) |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: Windows 2012 Server Datacenter without Hyper-V (full) |
Source: 97a671ae5d.exe, 00000014.00000002.2744968028.0000000002666000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWH |
Source: axplong.exe, 00000012.00000002.3270683057.0000000001578000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWd2 |
Source: 342db65350.exe, 00000017.00000002.3265664089.00000000001F6000.00000040.00000001.01000000.00000011.sdmp |
Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core) |
Source: build.exe, 00000018.00000003.2773862520.0000020780A2D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: uwmic path Win32_ComputerSystem get ManufacturercVMwarecvmwareuAntiVM.CheckHypervisoraFakeErrorT |
Source: C:\Users\user\Desktop\file.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001\build.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\crypted.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000003001\5447jsX.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000004001\crypteda.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000005001\2.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000009001\25072023.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000010001\pered.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000012001\2020.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000014001\gawdth.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000017001\342db65350.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\multidict VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001\build.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\MonsterUpdateService\Monster.exe VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\attachments VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\reports VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AutofillStrikeDatabase VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Download Service\Files VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_GB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalDB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ar VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\de VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\en-GB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\es VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\id VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\fr VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\de VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\es VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\en-GB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\en-GB VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\es VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\fr VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-checkout VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\_metadata VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.50 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\Logins.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\Logins.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\Web.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\Web.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\Cookies.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\1000001001 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724 VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\Cookies.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\HistoryData.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\HistoryData.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\DownloadData.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\DownloadData.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\AutofillData.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\AutofillData.db VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: \Device\CdRom0\ VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Games VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\screenshot.png VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\process_info.txt VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Browsers\Firefox\History.txt VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Browsers\Cookies.txt VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\system_info.txt VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\network_info.txt VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Sessions VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Tokens VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493.zip VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Browsers VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Wallets VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493\Browsers\Firefox VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\2ED92742-89DC-DD72-92E8-869FA5A66493 VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\1000016001\97a671ae5d.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\System32\netsh.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10 |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3 |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486 |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1 |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295 |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943 |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7 |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nphplpgoakhhjchkkhmiggakijnkhfnd |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnnegphlobjdpkhecapkijjdkgcjhkib |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable |
Source: C:\Users\user\AppData\Local\Temp\onefile_3032_133665109925829724\stub.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb |