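Source: explorer.exe, 00000006.00000002.4614750288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000973C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 | [Note: the character(s) after the file extension or hostname in this and the next three rows ("0", "07") are most likely bytes of adjacent binary data picked up by string extraction, not part of the URL; trim them before comparing against known certificate-authority endpoints.]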
Source: explorer.exe, 00000006.00000002.4614750288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000973C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
Source: explorer.exe, 00000006.00000002.4614750288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000973C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
Source: explorer.exe, 00000006.00000002.4614750288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000973C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
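Source: explorer.exe, 00000006.00000000.2160221869.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000962B000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di | [Note: this value is several URLs run together without separators and cut off at the end; split it at each "http://" before matching, since the fused string is not a resolvable address.]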
Source: explorer.exe, 00000006.00000002.4609091546.00000000028A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000000.2156332726.0000000007B50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.4613506646.0000000007B60000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro |
Source: TEKLIF 2002509.exe, 00000000.00000002.2149822978.0000000002A41000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.8009.top |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.8009.top/bc01/ |
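Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.8009.top/bc01/www.nfluencer-marketing-17923.bond | [Note: this appears to be two adjacent strings fused by extraction, the URL http://www.8009.top/bc01/ followed by a separate hostname that is also listed on its own in this table; the same pattern recurs for the other /bc01/ hosts, so treat each as two indicators rather than one URL path.]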
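Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.8009.topReferer: | [Note: the trailing "Referer:" looks like an HTTP header name fused onto the URL by string extraction, not part of the hostname; the same suffix recurs for the other hosts in this list, so strip it before using these values in blocklists or detection rules.]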
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akemoneyonline.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akemoneyonline.bond/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akemoneyonline.bond/bc01/www.lkjuy.xyz |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akemoneyonline.bondReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.avada-casino-tlj.buzz |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.avada-casino-tlj.buzz/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.avada-casino-tlj.buzz/bc01/www.nline-degree-6987776.world |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.avada-casino-tlj.buzzReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ealthandwellnessly.digital |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ealthandwellnessly.digital/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ealthandwellnessly.digital/bc01/www.ractors-42621.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ealthandwellnessly.digitalReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.epatitis-treatment-26155.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.epatitis-treatment-26155.bond/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.epatitis-treatment-26155.bond/bc01/www.ealthandwellnessly.digital |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.epatitis-treatment-26155.bondReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ewferg.top |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ewferg.top/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ewferg.top/bc01/www.epatitis-treatment-26155.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ewferg.topReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffpage.shop |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffpage.shop/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffpage.shop/bc01/www.mberbreeze.cyou |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffpage.shopReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lkjuy.xyz |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lkjuy.xyz/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lkjuy.xyz/bc01/www.sicologosportugueses.online |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lkjuy.xyzReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.mberbreeze.cyou |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.mberbreeze.cyou/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.mberbreeze.cyou/bc01/www.obs-for-seniors-39582.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.mberbreeze.cyouReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nfluencer-marketing-17923.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nfluencer-marketing-17923.bond/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nfluencer-marketing-17923.bond/bc01/www.ewferg.top |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nfluencer-marketing-17923.bondReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nline-degree-6987776.world |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nline-degree-6987776.world/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nline-degree-6987776.world/bc01/www.8009.top |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.nline-degree-6987776.worldReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.obs-for-seniors-39582.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.obs-for-seniors-39582.bond/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.obs-for-seniors-39582.bond/bc01/www.uhtwister.cloud |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.obs-for-seniors-39582.bondReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ractors-42621.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ractors-42621.bond/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ractors-42621.bond/bc01/www.torygame168.online |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ractors-42621.bondReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.sicologosportugueses.online |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.sicologosportugueses.online/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.sicologosportugueses.online/bc01/www.avada-casino-tlj.buzz |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.sicologosportugueses.onlineReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.torygame168.online |
Source: explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.torygame168.online/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.torygame168.online/bc01/_ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.torygame168.onlineReferer: |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uhtwister.cloud |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uhtwister.cloud/bc01/ |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uhtwister.cloud/bc01/www.akemoneyonline.bond |
Source: explorer.exe, 00000006.00000002.4620685422.000000000C4E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2983565236.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075073896.000000000C4EF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uhtwister.cloudReferer: |
Source: explorer.exe, 00000006.00000002.4614750288.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2161826176.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979331163.00000000099AB000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp |
Source: explorer.exe, 00000006.00000002.4618097457.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2165698590.000000000BFDF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://android.notify.windows.com/iOS |
Source: explorer.exe, 00000006.00000000.2160221869.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000962B000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/ |
Source: explorer.exe, 00000006.00000000.2160221869.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000962B000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/I |
Source: explorer.exe, 00000006.00000002.4614750288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000973C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
Source: explorer.exe, 00000006.00000000.2160221869.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4614750288.000000000962B000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows? |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc |
Source: explorer.exe, 00000006.00000002.4614750288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows? |
Source: explorer.exe, 00000006.00000002.4614750288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2160221869.000000000973C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://arc.msn.com |
Source: explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings |
Source: explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg |
Source: explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV |
Source: explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark |
Source: explorer.exe, 00000006.00000002.4618097457.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075352059.000000000C071000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2985609705.000000000C071000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2165698590.000000000C048000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://excel.office.com- |
Source: explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAzME7S.img |
Source: explorer.exe, 00000006.00000002.4618097457.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075352059.000000000C071000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2985609705.000000000C071000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2165698590.000000000C048000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://outlook.come |
Source: explorer.exe, 00000006.00000000.2165698590.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.4618097457.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://powerpoint.office.comEMd |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew |
Source: explorer.exe, 00000006.00000002.4614750288.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2161826176.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2979331163.00000000099AB000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://wns.windows.com/e |
Source: explorer.exe, 00000006.00000002.4618097457.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.3075352059.000000000C071000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.2985609705.000000000C071000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2165698590.000000000C048000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://word.office.comM |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar- |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its- |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized- |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of- |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve |
Source: explorer.exe, 00000006.00000002.4612185062.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.2153091637.00000000073E5000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com:443/en-us/feed |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041A330 NtCreateFile, | 5_2_0041A330 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041A3E0 NtReadFile, | 5_2_0041A3E0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041A460 NtClose, | 5_2_0041A460 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041A510 NtAllocateVirtualMemory, | 5_2_0041A510 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041A3DB NtReadFile, | 5_2_0041A3DB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041A50F NtAllocateVirtualMemory, | 5_2_0041A50F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2B60 NtClose,LdrInitializeThunk, | 5_2_015D2B60 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk, | 5_2_015D2BF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2AD0 NtReadFile,LdrInitializeThunk, | 5_2_015D2AD0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2D10 NtMapViewOfSection,LdrInitializeThunk, | 5_2_015D2D10 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2D30 NtUnmapViewOfSection,LdrInitializeThunk, | 5_2_015D2D30 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2DD0 NtDelayExecution,LdrInitializeThunk, | 5_2_015D2DD0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2DF0 NtQuerySystemInformation,LdrInitializeThunk, | 5_2_015D2DF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2C70 NtFreeVirtualMemory,LdrInitializeThunk, | 5_2_015D2C70 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2CA0 NtQueryInformationToken,LdrInitializeThunk, | 5_2_015D2CA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2F30 NtCreateSection,LdrInitializeThunk, | 5_2_015D2F30 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2FE0 NtCreateFile,LdrInitializeThunk, | 5_2_015D2FE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2F90 NtProtectVirtualMemory,LdrInitializeThunk, | 5_2_015D2F90 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2FB0 NtResumeThread,LdrInitializeThunk, | 5_2_015D2FB0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2E80 NtReadVirtualMemory,LdrInitializeThunk, | 5_2_015D2E80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk, | 5_2_015D2EA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D4340 NtSetContextThread, | 5_2_015D4340 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D4650 NtSuspendThread, | 5_2_015D4650 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2BE0 NtQueryValueKey, | 5_2_015D2BE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2B80 NtQueryInformationFile, | 5_2_015D2B80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2BA0 NtEnumerateValueKey, | 5_2_015D2BA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2AF0 NtWriteFile, | 5_2_015D2AF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2AB0 NtWaitForSingleObject, | 5_2_015D2AB0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2D00 NtSetInformationFile, | 5_2_015D2D00 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2DB0 NtEnumerateKey, | 5_2_015D2DB0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2C60 NtCreateKey, | 5_2_015D2C60 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2C00 NtQueryInformationProcess, | 5_2_015D2C00 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2CC0 NtQueryVirtualMemory, | 5_2_015D2CC0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2CF0 NtOpenProcess, | 5_2_015D2CF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2F60 NtCreateProcessEx, | 5_2_015D2F60 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2FA0 NtQuerySection, | 5_2_015D2FA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2E30 NtWriteVirtualMemory, | 5_2_015D2E30 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2EE0 NtQueueApcThread, | 5_2_015D2EE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D3010 NtOpenDirectoryObject, | 5_2_015D3010 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D3090 NtSetValueKey, | 5_2_015D3090 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D35C0 NtCreateMutant, | 5_2_015D35C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D39B0 NtGetContextThread, | 5_2_015D39B0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D3D70 NtOpenThread, | 5_2_015D3D70 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D3D10 NtOpenProcessToken, | 5_2_015D3D10 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E39F232 NtCreateFile, | 6_2_0E39F232 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E3A0E12 NtProtectVirtualMemory, | 6_2_0E3A0E12 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E3A0E0A NtProtectVirtualMemory, | 6_2_0E3A0E0A |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792D10 NtMapViewOfSection,LdrInitializeThunk, | 7_2_05792D10 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792DF0 NtQuerySystemInformation,LdrInitializeThunk, | 7_2_05792DF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792DD0 NtDelayExecution,LdrInitializeThunk, | 7_2_05792DD0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792C70 NtFreeVirtualMemory,LdrInitializeThunk, | 7_2_05792C70 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792C60 NtCreateKey,LdrInitializeThunk, | 7_2_05792C60 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792CA0 NtQueryInformationToken,LdrInitializeThunk, | 7_2_05792CA0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792F30 NtCreateSection,LdrInitializeThunk, | 7_2_05792F30 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792FE0 NtCreateFile,LdrInitializeThunk, | 7_2_05792FE0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792EA0 NtAdjustPrivilegesToken,LdrInitializeThunk, | 7_2_05792EA0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792B60 NtClose,LdrInitializeThunk, | 7_2_05792B60 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792BF0 NtAllocateVirtualMemory,LdrInitializeThunk, | 7_2_05792BF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792BE0 NtQueryValueKey,LdrInitializeThunk, | 7_2_05792BE0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792AD0 NtReadFile,LdrInitializeThunk, | 7_2_05792AD0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057935C0 NtCreateMutant,LdrInitializeThunk, | 7_2_057935C0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05794650 NtSuspendThread, | 7_2_05794650 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05794340 NtSetContextThread, | 7_2_05794340 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792D30 NtUnmapViewOfSection, | 7_2_05792D30 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792D00 NtSetInformationFile, | 7_2_05792D00 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792DB0 NtEnumerateKey, | 7_2_05792DB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792C00 NtQueryInformationProcess, | 7_2_05792C00 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792CF0 NtOpenProcess, | 7_2_05792CF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792CC0 NtQueryVirtualMemory, | 7_2_05792CC0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792F60 NtCreateProcessEx, | 7_2_05792F60 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792FB0 NtResumeThread, | 7_2_05792FB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792FA0 NtQuerySection, | 7_2_05792FA0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792F90 NtProtectVirtualMemory, | 7_2_05792F90 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792E30 NtWriteVirtualMemory, | 7_2_05792E30 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792EE0 NtQueueApcThread, | 7_2_05792EE0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792E80 NtReadVirtualMemory, | 7_2_05792E80 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792BA0 NtEnumerateValueKey, | 7_2_05792BA0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792B80 NtQueryInformationFile, | 7_2_05792B80 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792AF0 NtWriteFile, | 7_2_05792AF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05792AB0 NtWaitForSingleObject, | 7_2_05792AB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05793010 NtOpenDirectoryObject, | 7_2_05793010 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05793090 NtSetValueKey, | 7_2_05793090 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05793D70 NtOpenThread, | 7_2_05793D70 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05793D10 NtOpenProcessToken, | 7_2_05793D10 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057939B0 NtGetContextThread, | 7_2_057939B0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7A460 NtClose, | 7_2_04C7A460 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7A510 NtAllocateVirtualMemory, | 7_2_04C7A510 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7A3E0 NtReadFile, | 7_2_04C7A3E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7A330 NtCreateFile, | 7_2_04C7A330 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7A50F NtAllocateVirtualMemory, | 7_2_04C7A50F |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7A3DB NtReadFile, | 7_2_04C7A3DB |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0550A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread, | 7_2_0550A036 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05509BAF NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose, | 7_2_05509BAF |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0550A042 NtQueryInformationProcess, | 7_2_0550A042 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05509BB2 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 7_2_05509BB2 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_00D4DEEC | 0_2_00D4DEEC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A047A8 | 0_2_07A047A8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A05FA8 | 0_2_07A05FA8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A04798 | 0_2_07A04798 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A06DE8 | 0_2_07A06DE8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A05D37 | 0_2_07A05D37 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A04370 | 0_2_07A04370 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A0B938 | 0_2_07A0B938 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 0_2_07A068D8 | 0_2_07A068D8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041E857 | 5_2_0041E857 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_00401030 | 5_2_00401030 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041DAED | 5_2_0041DAED |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041DA9C | 5_2_0041DA9C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041E4DB | 5_2_0041E4DB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041D573 | 5_2_0041D573 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_00402D89 | 5_2_00402D89 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_00402D90 | 5_2_00402D90 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0041EE4C | 5_2_0041EE4C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_00409E5B | 5_2_00409E5B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_00409E60 | 5_2_00409E60 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_00402FB0 | 5_2_00402FB0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01628158 | 5_2_01628158 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590100 | 5_2_01590100 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163A118 | 5_2_0163A118 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016581CC | 5_2_016581CC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016601AA | 5_2_016601AA |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165A352 | 5_2_0165A352 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016603E6 | 5_2_016603E6 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE3F0 | 5_2_015AE3F0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016202C0 | 5_2_016202C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0535 | 5_2_015A0535 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01660591 | 5_2_01660591 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01652446 | 5_2_01652446 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0164E4F6 | 5_2_0164E4F6 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C4750 | 5_2_015C4750 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159C7C0 | 5_2_0159C7C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BC6E0 | 5_2_015BC6E0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B6962 | 5_2_015B6962 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0166A9A6 | 5_2_0166A9A6 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A2840 | 5_2_015A2840 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AA840 | 5_2_015AA840 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE8F0 | 5_2_015CE8F0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015868B8 | 5_2_015868B8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165AB40 | 5_2_0165AB40 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01656BD7 | 5_2_01656BD7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AAD00 | 5_2_015AAD00 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159ADE0 | 5_2_0159ADE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B8DBF | 5_2_015B8DBF |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0C00 | 5_2_015A0C00 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590CF2 | 5_2_01590CF2 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640CB5 | 5_2_01640CB5 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01614F40 | 5_2_01614F40 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C0F30 | 5_2_015C0F30 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015E2F28 | 5_2_015E2F28 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01592FC8 | 5_2_01592FC8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015ACFE0 | 5_2_015ACFE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161EFA0 | 5_2_0161EFA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0E59 | 5_2_015A0E59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165EE26 | 5_2_0165EE26 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165EEDB | 5_2_0165EEDB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B2E90 | 5_2_015B2E90 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165CE93 | 5_2_0165CE93 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0166B16B | 5_2_0166B16B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158F172 | 5_2_0158F172 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D516C | 5_2_015D516C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AB1B0 | 5_2_015AB1B0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165F0E0 | 5_2_0165F0E0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016570E9 | 5_2_016570E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A70C0 | 5_2_015A70C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0164F0CC | 5_2_0164F0CC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158D34C | 5_2_0158D34C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165132D | 5_2_0165132D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015E739A | 5_2_015E739A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016412ED | 5_2_016412ED |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BB2C0 | 5_2_015BB2C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A52A0 | 5_2_015A52A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01657571 | 5_2_01657571 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163D5B0 | 5_2_0163D5B0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01591460 | 5_2_01591460 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165F43F | 5_2_0165F43F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165F7B0 | 5_2_0165F7B0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016516CC | 5_2_016516CC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A9950 | 5_2_015A9950 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BB950 | 5_2_015BB950 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01635910 | 5_2_01635910 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160D800 | 5_2_0160D800 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A38E0 | 5_2_015A38E0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165FB76 | 5_2_0165FB76 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01615BF0 | 5_2_01615BF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015DDBF9 | 5_2_015DDBF9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BFB80 | 5_2_015BFB80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01613A6C | 5_2_01613A6C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01657A46 | 5_2_01657A46 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165FA49 | 5_2_0165FA49 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0164DAC6 | 5_2_0164DAC6 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163DAAC | 5_2_0163DAAC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015E5AA0 | 5_2_015E5AA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01657D73 | 5_2_01657D73 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A3D40 | 5_2_015A3D40 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01651D5A | 5_2_01651D5A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BFDC0 | 5_2_015BFDC0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01619C32 | 5_2_01619C32 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165FCF2 | 5_2_0165FCF2 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165FF09 | 5_2_0165FF09 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A1F92 | 5_2_015A1F92 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165FFB1 | 5_2_0165FFB1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A9EB0 | 5_2_015A9EB0 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0CA232 | 6_2_0E0CA232 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0C4B30 | 6_2_0E0C4B30 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0C4B32 | 6_2_0E0C4B32 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0C9036 | 6_2_0E0C9036 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0C0082 | 6_2_0E0C0082 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0C1D02 | 6_2_0E0C1D02 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0C7912 | 6_2_0E0C7912 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E0CD5CD | 6_2_0E0CD5CD |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E218232 | 6_2_0E218232 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E212B30 | 6_2_0E212B30 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E212B32 | 6_2_0E212B32 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E217036 | 6_2_0E217036 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E20E082 | 6_2_0E20E082 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E20FD02 | 6_2_0E20FD02 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E215912 | 6_2_0E215912 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E21B5CD | 6_2_0E21B5CD |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E39F232 | 6_2_0E39F232 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E39E036 | 6_2_0E39E036 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E395082 | 6_2_0E395082 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E399B30 | 6_2_0E399B30 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E399B32 | 6_2_0E399B32 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E39C912 | 6_2_0E39C912 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E396D02 | 6_2_0E396D02 |
Source: C:\Windows\explorer.exe | Code function: 6_2_0E3A25CD | 6_2_0E3A25CD |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05820591 | 7_2_05820591 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05760535 | 7_2_05760535 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0580E4F6 | 7_2_0580E4F6 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05812446 | 7_2_05812446 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05760770 | 7_2_05760770 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05784750 | 7_2_05784750 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0575C7C0 | 7_2_0575C7C0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0577C6E0 | 7_2_0577C6E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057E8158 | 7_2_057E8158 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_058201AA | 7_2_058201AA |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_058181CC | 7_2_058181CC |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057FA118 | 7_2_057FA118 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05750100 | 7_2_05750100 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057F2000 | 7_2_057F2000 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_058203E6 | 7_2_058203E6 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0576E3F0 | 7_2_0576E3F0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581A352 | 7_2_0581A352 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057E02C0 | 7_2_057E02C0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05800274 | 7_2_05800274 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057FCD1F | 7_2_057FCD1F |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0576AD00 | 7_2_0576AD00 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0575ADE0 | 7_2_0575ADE0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05778DBF | 7_2_05778DBF |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05800CB5 | 7_2_05800CB5 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05760C00 | 7_2_05760C00 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05750CF2 | 7_2_05750CF2 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057D4F40 | 7_2_057D4F40 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05780F30 | 7_2_05780F30 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057A2F28 | 7_2_057A2F28 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0576CFE0 | 7_2_0576CFE0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05752FC8 | 7_2_05752FC8 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057DEFA0 | 7_2_057DEFA0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581CE93 | 7_2_0581CE93 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05760E59 | 7_2_05760E59 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581EEDB | 7_2_0581EEDB |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581EE26 | 7_2_0581EE26 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05772E90 | 7_2_05772E90 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05776962 | 7_2_05776962 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0582A9A6 | 7_2_0582A9A6 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057629A0 | 7_2_057629A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05762840 | 7_2_05762840 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0576A840 | 7_2_0576A840 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0578E8F0 | 7_2_0578E8F0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057468B8 | 7_2_057468B8 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05816BD7 | 7_2_05816BD7 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581AB40 | 7_2_0581AB40 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0575EA80 | 7_2_0575EA80 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057FD5B0 | 7_2_057FD5B0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05817571 | 7_2_05817571 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05751460 | 7_2_05751460 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581F43F | 7_2_0581F43F |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581F7B0 | 7_2_0581F7B0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_058116CC | 7_2_058116CC |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0574F172 | 7_2_0574F172 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0579516C | 7_2_0579516C |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0576B1B0 | 7_2_0576B1B0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0582B16B | 7_2_0582B16B |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0580F0CC | 7_2_0580F0CC |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581F0E0 | 7_2_0581F0E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_058170E9 | 7_2_058170E9 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057670C0 | 7_2_057670C0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0574D34C | 7_2_0574D34C |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581132D | 7_2_0581132D |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057A739A | 7_2_057A739A |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_058012ED | 7_2_058012ED |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0577B2C0 | 7_2_0577B2C0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057652A0 | 7_2_057652A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05763D40 | 7_2_05763D40 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0577FDC0 | 7_2_0577FDC0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05811D5A | 7_2_05811D5A |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05817D73 | 7_2_05817D73 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057D9C32 | 7_2_057D9C32 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581FCF2 | 7_2_0581FCF2 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581FFB1 | 7_2_0581FFB1 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581FF09 | 7_2_0581FF09 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05761F92 | 7_2_05761F92 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05769EB0 | 7_2_05769EB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05769950 | 7_2_05769950 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0577B950 | 7_2_0577B950 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057F5910 | 7_2_057F5910 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057CD800 | 7_2_057CD800 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057638E0 | 7_2_057638E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0579DBF9 | 7_2_0579DBF9 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057D5BF0 | 7_2_057D5BF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581FB76 | 7_2_0581FB76 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0577FB80 | 7_2_0577FB80 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057D3A6C | 7_2_057D3A6C |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05801AA3 | 7_2_05801AA3 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0580DAC6 | 7_2_0580DAC6 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05817A46 | 7_2_05817A46 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0581FA49 | 7_2_0581FA49 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057FDAAC | 7_2_057FDAAC |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_057A5AA0 | 7_2_057A5AA0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7E4CE | 7_2_04C7E4CE |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C62D89 | 7_2_04C62D89 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C62D90 | 7_2_04C62D90 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7D573 | 7_2_04C7D573 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7EE4C | 7_2_04C7EE4C |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C69E5B | 7_2_04C69E5B |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C69E60 | 7_2_04C69E60 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C62FB0 | 7_2_04C62FB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7E857 | 7_2_04C7E857 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_04C7DA9C | 7_2_04C7DA9C |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0550A036 | 7_2_0550A036 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05502D02 | 7_2_05502D02 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0550E5CD | 7_2_0550E5CD |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05508912 | 7_2_05508912 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05501082 | 7_2_05501082 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05505B30 | 7_2_05505B30 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_05505B32 | 7_2_05505B32 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 7_2_0550B232 | 7_2_0550B232 |
Source: 5.2.TEKLIF 2002509.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 [Analyst note: the same unpacked image also matches the Formbook rules in the rows that follow, so this Diceloader hit may be a signature overlap rather than a second family; corroborate before using it for attribution.] |
Source: 5.2.TEKLIF 2002509.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 5.2.TEKLIF 2002509.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 5.2.TEKLIF 2002509.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 5.2.TEKLIF 2002509.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 |
Source: 5.2.TEKLIF 2002509.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 5.2.TEKLIF 2002509.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 5.2.TEKLIF 2002509.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000005.00000002.2270351243.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 |
Source: 00000005.00000002.2270351243.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000005.00000002.2270351243.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000005.00000002.2270351243.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000005.00000002.2270725098.000000000146F000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 |
Source: 00000007.00000002.4603507582.0000000004C60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 |
Source: 00000007.00000002.4603507582.0000000004C60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000007.00000002.4603507582.0000000004C60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000002.4603507582.0000000004C60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000007.00000002.4607228112.0000000005350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 |
Source: 00000007.00000002.4607228112.0000000005350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000007.00000002.4607228112.0000000005350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000002.4607228112.0000000005350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000007.00000002.4607400279.0000000005380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 |
Source: 00000007.00000002.4607400279.0000000005380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000007.00000002.4607400279.0000000005380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000002.4607400279.0000000005380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.2150736016.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Diceloader_15eeb7b9 reference_sample = a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746, os = windows, severity = x86, creation_date = 2021-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Diceloader, fingerprint = 4cc70bec5d241c6f84010fbfe2eafbc6ec6d753df2bb3f52d9498b54b11fc8cb, id = 15eeb7b9-311f-477b-8ae1-b8f689a154b7, last_modified = 2021-08-23 |
Source: 00000000.00000002.2150736016.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.2150736016.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.2150736016.0000000003A49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: Process Memory Space: TEKLIF 2002509.exe PID: 3184, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: TEKLIF 2002509.exe PID: 5068, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
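Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR | Matched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56 [Analyst note: this is a semi-auto-generated PHP web-shell rule matching strings in the memory of a native Windows process; it is most likely a false positive and should not be read as evidence of a web shell without corroboration.] |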
Source: Process Memory Space: chkdsk.exe PID: 1816, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, heQCqOCOAbT2gUwU8T.cs | High entropy of concatenated method names: 'BrE6CXyFYW', 'QJN6R4TwBL', 'Hvj6egGNIV', 'nd16YJSPHY', 'E9n6O0ZDJ2', 'w6b6KkD5Aj', 'Oms6g0XGiG', 'Jch6GRQIxn', 'dxw6FUWB9S', 'fCh6DSOZ0P' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, TDtukO6GfaUXhl2KOo.cs | High entropy of concatenated method names: 'Sr07XDI55B', 'QtU7jEUc8t', 'B1S7AGXXFF', 'XIu78AqWqq', 'Sh572uHCc6', 'M857SbiVNS', 'lwl7cA94mf', 'FYT090W2Is', 'iKZ0NVb8Yq', 'y0l0hdvoY9' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, ypRME2DH0KH6NXESPt.cs | High entropy of concatenated method names: 'BQT0TwqcX5', 'CAK0tSvT0b', 'vvL0dUaGm7', 'bCa03TqHHP', 'HQW0yAJyoD', 'cH60Mx6te4', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, QeDj08uv5Gyt8HZAr2q.cs | High entropy of concatenated method names: 'xp77CnW8lN', 'kyV7RadaYb', 'tGB7eFkuVy', 'z7I7YIUuYk', 'H1i7O7rsjg', 'n587KBbyen', 'kL97grEFaa', 'Lto7GJPX6n', 'm047FnEyii', 'IZK7DUx7q1' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, UXnH0fbaR81yZxE9m6.cs | High entropy of concatenated method names: 'Y6tej7BLG', 'GdrY93CYX', 'i7cKUYclH', 'DnQgtYgsa', 'qBOFgokEX', 'FXNDQ9aKy', 'd7YIe8ehyCgRUTpYfX', 'hiPvK05gq0jvJKVv0m', 'Tt60rplEb', 'AwlmnH5dR' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, Qy9rUWPyo7qf6AWgkP.cs | High entropy of concatenated method names: 'ikFvoswQLB', 'cXcvnXj6tm', 'ToString', 'iIfv8AVOEB', 'fnCv2fGtLi', 'NufvZYLXgQ', 'tJHvSxc8ny', 'SRovcy1J80', 'doLv6Kgna2', 'eljvEMB2X1' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, ywlHyox3VgNfgD8hfG.cs | High entropy of concatenated method names: 'YmrQGngwiC', 'hK2QFN8QUQ', 'M65QTB7BlH', 'nIEQtfgTJ4', 'hJCQ3WSEkG', 'iL1QMHg9UJ', 'qkLQxrZ9wb', 'bnjQ1LnsSx', 'd1KQUaqaVo', 'rjbQr9UpM3' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, VGRc9N4PfOyfPQ8fBe.cs | High entropy of concatenated method names: 'U37vNgGJO2', 'QElvaV5mBU', 'MDv04wddx4', 'lMI0XYDCD8', 'FfvvrQL0Ar', 'NBnvWX0kOX', 'xnBvw5N5qb', 'r2QvyjwA91', 'GkUvVpt9SE', 'jE3vByxJK3' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, qNgdCMuJtVgkUgx1iYT.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MEHmyk3ydF', 'T5DmVKeXQU', 'Fw3mBDROZ4', 'b6xmbF87dS', 'I4YmijDe77', 'LeFmParLDi', 'dddm91xjHq' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, nXDjhnc6rpeKmEPU6W.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'wF0Lhwx0xs', 'v3SLaE6txj', 'rW6LzW0m6q', 'qasj4qNcMT', 'GPbjX4qRJU', 'DRBjLHq36a', 'HkTjjANg83', 'ufowXSwKDB9GvrIXy2u' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, XO1rwv9tMAukoct4Me.cs | High entropy of concatenated method names: 'ToString', 'YUWkra1qHb', 'uRuktJcQTq', 'IcxkdQWvyQ', 'hTyk3Yw77B', 'DbckMq7EAp', 'DWFks6oXkt', 'R6Hkx2BdLs', 'm5bk17Bq6G', 'yVYku4Le5u' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, wCU9vxKnwQhdQeKf63.cs | High entropy of concatenated method names: 'ci4jqFa4tg', 'vXgj876sEA', 'cY7j2Ge4hR', 'xnLjZRprUv', 'JFXjS9b4Rq', 'w0sjcxBVqP', 'vD1j6121vR', 'GZSjETtD78', 'VaSjlfaSB9', 'XlnjoLJ0OH' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, FMRpxsMUdTJr0QpsDa.cs | High entropy of concatenated method names: 'aPF68fZDxo', 'T986ZKiT2A', 'soe6cTwkk2', 'jl3cakGEPO', 'RsDczMiZ2h', 'IcZ64x1bKF', 'k9C6XdpSyA', 'u226LwTTTQ', 'IAS6jCK1RA', 'nKC6AFY1eN' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, lfySkRXcXOQywbZCfq.cs | High entropy of concatenated method names: 'GDb08KCApM', 'GaK02TTsvg', 'VPR0ZRGkWt', 'fKK0SFY7c3', 'mZh0clex8x', 'zSl06oJjxk', 'jmp0E9OoiH', 'vZt0lTgKZA', 'knL0o8IIRA', 'zW30nq4QK2' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, IV6JtV2LRtdxPmJqYT.cs | High entropy of concatenated method names: 'MLnZYs97QX', 'C3lZKfrMdR', 'vy9ZG54Goa', 'EZPZFAxmjs', 't4ZZIHSQ86', 'gM2Zk2yWaj', 'cCWZvny3Hu', 'XAOZ02CdDD', 'fyNZ7AMvHn', 'XXXZm0sVJY' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, bE3eCyUm6riB2iwlt7.cs | High entropy of concatenated method names: 'cp8cqk947G', 'rApc2BrhEp', 'YGacSBWT4t', 'RB7c6PVrfi', 'PuccEgTgtY', 'qa2Si10oPP', 'bxMSP6WatX', 'IVuS9fHinS', 'tb7SNF3eY4', 'zZJShtEFny' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, dQ8buBsFPhIFtUaRGF.cs | High entropy of concatenated method names: 'Dispose', 'I3tXhhGGhP', 'rtiLtTy8q5', 'RVFffGYOwy', 'kcxXaB3cd7', 'xyAXzIfNlX', 'ProcessDialogKey', 'JH6L4ykyBa', 'z4ALXBdCCo', 'DcrLL3JsY5' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, JM7O18raLdCsp0TT2f.cs | High entropy of concatenated method names: 'vXS2yR0RLq', 'c2Q2VObuwS', 'A2g2BHiZUX', 'dqX2bIPiqe', 'J8U2iQAglH', 'XOV2PBhIJN', 'zh429vXtPK', 'wOw2N6DqyP', 'NNx2hCyR3R', 'xnU2aaWjfQ' |
Source: 0.2.TEKLIF 2002509.exe.3c8ac90.2.raw.unpack, bYZGVsGsEIjObcNWh3.cs | High entropy of concatenated method names: 'l9YX6eutdN', 'E3vXEXMfKP', 'tSoXoX2jP2', 'EtRXn9Nmbi', 'qHnXI5nhrF', 'SCmXkLhpeR', 'wL8GYrsxZ29qqDDnVg', 'PDBMEoTSiJKjy11OVA', 'FVKbDEWqqa3d8flRxQ', 'KO7XXLXsqg' |
Source: 0.2.TEKLIF 2002509.exe.2ad99b0.0.raw.unpack, kD0JNdgNBriBGn5egS.cs | High entropy of concatenated method names: 'ubU6vJppswKkZ', 'uvAmfDYbimWPg9rmyH6', 'XHYItoYHo1DoUvgeuNZ', 'tYVkNWYXlYIi7gDFfLn', 'TV4H82YzoL7kT86loIA', 'yoiEG7M3KqRFDlQAaqW', 'rU4RpWYS77WPQpUZwKR', 'vGvSIFYGEhSitdykOPg', 'TCSl6vMYjB5c5h75h4u' |
Source: 0.2.TEKLIF 2002509.exe.2ad99b0.0.raw.unpack, QBy45BY4uMbUQs88Qq.cs | High entropy of concatenated method names: 'QByY45B4u', 'EbUNQs88Q', 'D8PguGCCm', 'gfwtorebq', 'rQ9oD0JNd', 'cBrXiBGn5', 'sgS08fT72', 'lmAQKmrG6', 'qn1mTNvNO', 'K084ZL4CG' |
Source: 0.2.TEKLIF 2002509.exe.2acc800.1.raw.unpack, kD0JNdgNBriBGn5egS.cs | High entropy of concatenated method names: 'ubU6vJppswKkZ', 'uvAmfDYbimWPg9rmyH6', 'XHYItoYHo1DoUvgeuNZ', 'tYVkNWYXlYIi7gDFfLn', 'TV4H82YzoL7kT86loIA', 'yoiEG7M3KqRFDlQAaqW', 'rU4RpWYS77WPQpUZwKR', 'vGvSIFYGEhSitdykOPg', 'TCSl6vMYjB5c5h75h4u' |
Source: 0.2.TEKLIF 2002509.exe.2acc800.1.raw.unpack, QBy45BY4uMbUQs88Qq.cs | High entropy of concatenated method names: 'QByY45B4u', 'EbUNQs88Q', 'D8PguGCCm', 'gfwtorebq', 'rQ9oD0JNd', 'cBrXiBGn5', 'sgS08fT72', 'lmAQKmrG6', 'qn1mTNvNO', 'K084ZL4CG' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, heQCqOCOAbT2gUwU8T.cs | High entropy of concatenated method names: 'BrE6CXyFYW', 'QJN6R4TwBL', 'Hvj6egGNIV', 'nd16YJSPHY', 'E9n6O0ZDJ2', 'w6b6KkD5Aj', 'Oms6g0XGiG', 'Jch6GRQIxn', 'dxw6FUWB9S', 'fCh6DSOZ0P' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, TDtukO6GfaUXhl2KOo.cs | High entropy of concatenated method names: 'Sr07XDI55B', 'QtU7jEUc8t', 'B1S7AGXXFF', 'XIu78AqWqq', 'Sh572uHCc6', 'M857SbiVNS', 'lwl7cA94mf', 'FYT090W2Is', 'iKZ0NVb8Yq', 'y0l0hdvoY9' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, ypRME2DH0KH6NXESPt.cs | High entropy of concatenated method names: 'BQT0TwqcX5', 'CAK0tSvT0b', 'vvL0dUaGm7', 'bCa03TqHHP', 'HQW0yAJyoD', 'cH60Mx6te4', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, QeDj08uv5Gyt8HZAr2q.cs | High entropy of concatenated method names: 'xp77CnW8lN', 'kyV7RadaYb', 'tGB7eFkuVy', 'z7I7YIUuYk', 'H1i7O7rsjg', 'n587KBbyen', 'kL97grEFaa', 'Lto7GJPX6n', 'm047FnEyii', 'IZK7DUx7q1' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, UXnH0fbaR81yZxE9m6.cs | High entropy of concatenated method names: 'Y6tej7BLG', 'GdrY93CYX', 'i7cKUYclH', 'DnQgtYgsa', 'qBOFgokEX', 'FXNDQ9aKy', 'd7YIe8ehyCgRUTpYfX', 'hiPvK05gq0jvJKVv0m', 'Tt60rplEb', 'AwlmnH5dR' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, Qy9rUWPyo7qf6AWgkP.cs | High entropy of concatenated method names: 'ikFvoswQLB', 'cXcvnXj6tm', 'ToString', 'iIfv8AVOEB', 'fnCv2fGtLi', 'NufvZYLXgQ', 'tJHvSxc8ny', 'SRovcy1J80', 'doLv6Kgna2', 'eljvEMB2X1' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, ywlHyox3VgNfgD8hfG.cs | High entropy of concatenated method names: 'YmrQGngwiC', 'hK2QFN8QUQ', 'M65QTB7BlH', 'nIEQtfgTJ4', 'hJCQ3WSEkG', 'iL1QMHg9UJ', 'qkLQxrZ9wb', 'bnjQ1LnsSx', 'd1KQUaqaVo', 'rjbQr9UpM3' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, VGRc9N4PfOyfPQ8fBe.cs | High entropy of concatenated method names: 'U37vNgGJO2', 'QElvaV5mBU', 'MDv04wddx4', 'lMI0XYDCD8', 'FfvvrQL0Ar', 'NBnvWX0kOX', 'xnBvw5N5qb', 'r2QvyjwA91', 'GkUvVpt9SE', 'jE3vByxJK3' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, qNgdCMuJtVgkUgx1iYT.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MEHmyk3ydF', 'T5DmVKeXQU', 'Fw3mBDROZ4', 'b6xmbF87dS', 'I4YmijDe77', 'LeFmParLDi', 'dddm91xjHq' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, nXDjhnc6rpeKmEPU6W.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'wF0Lhwx0xs', 'v3SLaE6txj', 'rW6LzW0m6q', 'qasj4qNcMT', 'GPbjX4qRJU', 'DRBjLHq36a', 'HkTjjANg83', 'ufowXSwKDB9GvrIXy2u' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, XO1rwv9tMAukoct4Me.cs | High entropy of concatenated method names: 'ToString', 'YUWkra1qHb', 'uRuktJcQTq', 'IcxkdQWvyQ', 'hTyk3Yw77B', 'DbckMq7EAp', 'DWFks6oXkt', 'R6Hkx2BdLs', 'm5bk17Bq6G', 'yVYku4Le5u' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, wCU9vxKnwQhdQeKf63.cs | High entropy of concatenated method names: 'ci4jqFa4tg', 'vXgj876sEA', 'cY7j2Ge4hR', 'xnLjZRprUv', 'JFXjS9b4Rq', 'w0sjcxBVqP', 'vD1j6121vR', 'GZSjETtD78', 'VaSjlfaSB9', 'XlnjoLJ0OH' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, FMRpxsMUdTJr0QpsDa.cs | High entropy of concatenated method names: 'aPF68fZDxo', 'T986ZKiT2A', 'soe6cTwkk2', 'jl3cakGEPO', 'RsDczMiZ2h', 'IcZ64x1bKF', 'k9C6XdpSyA', 'u226LwTTTQ', 'IAS6jCK1RA', 'nKC6AFY1eN' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, lfySkRXcXOQywbZCfq.cs | High entropy of concatenated method names: 'GDb08KCApM', 'GaK02TTsvg', 'VPR0ZRGkWt', 'fKK0SFY7c3', 'mZh0clex8x', 'zSl06oJjxk', 'jmp0E9OoiH', 'vZt0lTgKZA', 'knL0o8IIRA', 'zW30nq4QK2' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, IV6JtV2LRtdxPmJqYT.cs | High entropy of concatenated method names: 'MLnZYs97QX', 'C3lZKfrMdR', 'vy9ZG54Goa', 'EZPZFAxmjs', 't4ZZIHSQ86', 'gM2Zk2yWaj', 'cCWZvny3Hu', 'XAOZ02CdDD', 'fyNZ7AMvHn', 'XXXZm0sVJY' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, bE3eCyUm6riB2iwlt7.cs | High entropy of concatenated method names: 'cp8cqk947G', 'rApc2BrhEp', 'YGacSBWT4t', 'RB7c6PVrfi', 'PuccEgTgtY', 'qa2Si10oPP', 'bxMSP6WatX', 'IVuS9fHinS', 'tb7SNF3eY4', 'zZJShtEFny' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, dQ8buBsFPhIFtUaRGF.cs | High entropy of concatenated method names: 'Dispose', 'I3tXhhGGhP', 'rtiLtTy8q5', 'RVFffGYOwy', 'kcxXaB3cd7', 'xyAXzIfNlX', 'ProcessDialogKey', 'JH6L4ykyBa', 'z4ALXBdCCo', 'DcrLL3JsY5' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, JM7O18raLdCsp0TT2f.cs | High entropy of concatenated method names: 'vXS2yR0RLq', 'c2Q2VObuwS', 'A2g2BHiZUX', 'dqX2bIPiqe', 'J8U2iQAglH', 'XOV2PBhIJN', 'zh429vXtPK', 'wOw2N6DqyP', 'NNx2hCyR3R', 'xnU2aaWjfQ' |
Source: 0.2.TEKLIF 2002509.exe.7970000.4.raw.unpack, bYZGVsGsEIjObcNWh3.cs | High entropy of concatenated method names: 'l9YX6eutdN', 'E3vXEXMfKP', 'tSoXoX2jP2', 'EtRXn9Nmbi', 'qHnXI5nhrF', 'SCmXkLhpeR', 'wL8GYrsxZ29qqDDnVg', 'PDBMEoTSiJKjy11OVA', 'FVKbDEWqqa3d8flRxQ', 'KO7XXLXsqg' |
Source: 0.2.TEKLIF 2002509.exe.5410000.3.raw.unpack, kD0JNdgNBriBGn5egS.cs | High entropy of concatenated method names: 'ubU6vJppswKkZ', 'uvAmfDYbimWPg9rmyH6', 'XHYItoYHo1DoUvgeuNZ', 'tYVkNWYXlYIi7gDFfLn', 'TV4H82YzoL7kT86loIA', 'yoiEG7M3KqRFDlQAaqW', 'rU4RpWYS77WPQpUZwKR', 'vGvSIFYGEhSitdykOPg', 'TCSl6vMYjB5c5h75h4u' |
Source: 0.2.TEKLIF 2002509.exe.5410000.3.raw.unpack, QBy45BY4uMbUQs88Qq.cs | High entropy of concatenated method names: 'QByY45B4u', 'EbUNQs88Q', 'D8PguGCCm', 'gfwtorebq', 'rQ9oD0JNd', 'cBrXiBGn5', 'sgS08fT72', 'lmAQKmrG6', 'qn1mTNvNO', 'K084ZL4CG' |
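Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Note: NOOPENFILEERRORBOX (and NOGPFAULTERRORBOX in the chkdsk.exe row) are process error-mode flags that suppress error dialogs; they correspond to SEM_NOOPENFILEERRORBOX and SEM_NOGPFAULTERRORBOX as passed to SetErrorMode. The sandbox logs each occurrence separately, and many legitimate programs set the same flags, so the number of repeated rows carries little weight on its own. For triage, the more useful information is the set of processes the rows name: the sample, powershell.exe, explorer.exe, chkdsk.exe and cmd.exe.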
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\chkdsk.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
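Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596154 mov eax, dword ptr fs:[00000030h] | 5_2_01596154 |
Note: in a 32-bit Windows process, fs:[00000030h] holds the pointer to the Process Environment Block (PEB). Sandboxes record these reads because PEB fields such as BeingDebugged and NtGlobalFlag are used for debugger checks, and the PEB loader data is used to locate loaded modules without going through the import table. The same instruction is also routine in system library code, so the number of rows does not by itself establish anti-analysis behaviour; each flagged function needs to be inspected to see which PEB field it goes on to read.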
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596154 mov eax, dword ptr fs:[00000030h] | 5_2_01596154 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158C156 mov eax, dword ptr fs:[00000030h] | 5_2_0158C156 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01624144 mov eax, dword ptr fs:[00000030h] | 5_2_01624144 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01624144 mov eax, dword ptr fs:[00000030h] | 5_2_01624144 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01624144 mov ecx, dword ptr fs:[00000030h] | 5_2_01624144 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01624144 mov eax, dword ptr fs:[00000030h] | 5_2_01624144 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01624144 mov eax, dword ptr fs:[00000030h] | 5_2_01624144 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01628158 mov eax, dword ptr fs:[00000030h] | 5_2_01628158 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01650115 mov eax, dword ptr fs:[00000030h] | 5_2_01650115 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C0124 mov eax, dword ptr fs:[00000030h] | 5_2_015C0124 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163A118 mov ecx, dword ptr fs:[00000030h] | 5_2_0163A118 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163A118 mov eax, dword ptr fs:[00000030h] | 5_2_0163A118 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163A118 mov eax, dword ptr fs:[00000030h] | 5_2_0163A118 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163A118 mov eax, dword ptr fs:[00000030h] | 5_2_0163A118 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016661E5 mov eax, dword ptr fs:[00000030h] | 5_2_016661E5 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C01F8 mov eax, dword ptr fs:[00000030h] | 5_2_015C01F8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016561C3 mov eax, dword ptr fs:[00000030h] | 5_2_016561C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016561C3 mov eax, dword ptr fs:[00000030h] | 5_2_016561C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E1D0 mov eax, dword ptr fs:[00000030h] | 5_2_0160E1D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E1D0 mov eax, dword ptr fs:[00000030h] | 5_2_0160E1D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E1D0 mov ecx, dword ptr fs:[00000030h] | 5_2_0160E1D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E1D0 mov eax, dword ptr fs:[00000030h] | 5_2_0160E1D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E1D0 mov eax, dword ptr fs:[00000030h] | 5_2_0160E1D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158A197 mov eax, dword ptr fs:[00000030h] | 5_2_0158A197 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158A197 mov eax, dword ptr fs:[00000030h] | 5_2_0158A197 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158A197 mov eax, dword ptr fs:[00000030h] | 5_2_0158A197 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D0185 mov eax, dword ptr fs:[00000030h] | 5_2_015D0185 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01634180 mov eax, dword ptr fs:[00000030h] | 5_2_01634180 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01634180 mov eax, dword ptr fs:[00000030h] | 5_2_01634180 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0164C188 mov eax, dword ptr fs:[00000030h] | 5_2_0164C188 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0164C188 mov eax, dword ptr fs:[00000030h] | 5_2_0164C188 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161019F mov eax, dword ptr fs:[00000030h] | 5_2_0161019F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161019F mov eax, dword ptr fs:[00000030h] | 5_2_0161019F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161019F mov eax, dword ptr fs:[00000030h] | 5_2_0161019F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161019F mov eax, dword ptr fs:[00000030h] | 5_2_0161019F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01592050 mov eax, dword ptr fs:[00000030h] | 5_2_01592050 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BC073 mov eax, dword ptr fs:[00000030h] | 5_2_015BC073 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616050 mov eax, dword ptr fs:[00000030h] | 5_2_01616050 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE016 mov eax, dword ptr fs:[00000030h] | 5_2_015AE016 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE016 mov eax, dword ptr fs:[00000030h] | 5_2_015AE016 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE016 mov eax, dword ptr fs:[00000030h] | 5_2_015AE016 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE016 mov eax, dword ptr fs:[00000030h] | 5_2_015AE016 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01626030 mov eax, dword ptr fs:[00000030h] | 5_2_01626030 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01614000 mov ecx, dword ptr fs:[00000030h] | 5_2_01614000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01632000 mov eax, dword ptr fs:[00000030h] | 5_2_01632000 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158A020 mov eax, dword ptr fs:[00000030h] | 5_2_0158A020 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158C020 mov eax, dword ptr fs:[00000030h] | 5_2_0158C020 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016160E0 mov eax, dword ptr fs:[00000030h] | 5_2_016160E0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158C0F0 mov eax, dword ptr fs:[00000030h] | 5_2_0158C0F0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D20F0 mov ecx, dword ptr fs:[00000030h] | 5_2_015D20F0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015980E9 mov eax, dword ptr fs:[00000030h] | 5_2_015980E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158A0E3 mov ecx, dword ptr fs:[00000030h] | 5_2_0158A0E3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016120DE mov eax, dword ptr fs:[00000030h] | 5_2_016120DE |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016280A8 mov eax, dword ptr fs:[00000030h] | 5_2_016280A8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159208A mov eax, dword ptr fs:[00000030h] | 5_2_0159208A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016560B8 mov eax, dword ptr fs:[00000030h] | 5_2_016560B8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016560B8 mov ecx, dword ptr fs:[00000030h] | 5_2_016560B8 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163437C mov eax, dword ptr fs:[00000030h] | 5_2_0163437C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01612349 mov eax, dword ptr fs:[00000030h] | 5_2_01612349 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165A352 mov eax, dword ptr fs:[00000030h] | 5_2_0165A352 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161035C mov eax, dword ptr fs:[00000030h] | 5_2_0161035C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161035C mov eax, dword ptr fs:[00000030h] | 5_2_0161035C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161035C mov eax, dword ptr fs:[00000030h] | 5_2_0161035C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161035C mov ecx, dword ptr fs:[00000030h] | 5_2_0161035C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161035C mov eax, dword ptr fs:[00000030h] | 5_2_0161035C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161035C mov eax, dword ptr fs:[00000030h] | 5_2_0161035C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158C310 mov ecx, dword ptr fs:[00000030h] | 5_2_0158C310 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B0310 mov ecx, dword ptr fs:[00000030h] | 5_2_015B0310 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA30B mov eax, dword ptr fs:[00000030h] | 5_2_015CA30B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA30B mov eax, dword ptr fs:[00000030h] | 5_2_015CA30B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA30B mov eax, dword ptr fs:[00000030h] | 5_2_015CA30B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A3C0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A3C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A3C0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A3C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A3C0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A3C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A3C0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A3C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A3C0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A3C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A3C0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A3C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015983C0 mov eax, dword ptr fs:[00000030h] | 5_2_015983C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015983C0 mov eax, dword ptr fs:[00000030h] | 5_2_015983C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015983C0 mov eax, dword ptr fs:[00000030h] | 5_2_015983C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015983C0 mov eax, dword ptr fs:[00000030h] | 5_2_015983C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016163C0 mov eax, dword ptr fs:[00000030h] | 5_2_016163C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C63FF mov eax, dword ptr fs:[00000030h] | 5_2_015C63FF |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0164C3CD mov eax, dword ptr fs:[00000030h] | 5_2_0164C3CD |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE3F0 mov eax, dword ptr fs:[00000030h] | 5_2_015AE3F0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE3F0 mov eax, dword ptr fs:[00000030h] | 5_2_015AE3F0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE3F0 mov eax, dword ptr fs:[00000030h] | 5_2_015AE3F0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A03E9 mov eax, dword ptr fs:[00000030h] | 5_2_015A03E9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016343D4 mov eax, dword ptr fs:[00000030h] | 5_2_016343D4 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016343D4 mov eax, dword ptr fs:[00000030h] | 5_2_016343D4 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01588397 mov eax, dword ptr fs:[00000030h] | 5_2_01588397 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01588397 mov eax, dword ptr fs:[00000030h] | 5_2_01588397 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01588397 mov eax, dword ptr fs:[00000030h] | 5_2_01588397 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158E388 mov eax, dword ptr fs:[00000030h] | 5_2_0158E388 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158E388 mov eax, dword ptr fs:[00000030h] | 5_2_0158E388 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158E388 mov eax, dword ptr fs:[00000030h] | 5_2_0158E388 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B438F mov eax, dword ptr fs:[00000030h] | 5_2_015B438F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B438F mov eax, dword ptr fs:[00000030h] | 5_2_015B438F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596259 mov eax, dword ptr fs:[00000030h] | 5_2_01596259 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158A250 mov eax, dword ptr fs:[00000030h] | 5_2_0158A250 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01640274 mov eax, dword ptr fs:[00000030h] | 5_2_01640274 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01618243 mov eax, dword ptr fs:[00000030h] | 5_2_01618243 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01618243 mov ecx, dword ptr fs:[00000030h] | 5_2_01618243 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158826B mov eax, dword ptr fs:[00000030h] | 5_2_0158826B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01594260 mov eax, dword ptr fs:[00000030h] | 5_2_01594260 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01594260 mov eax, dword ptr fs:[00000030h] | 5_2_01594260 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01594260 mov eax, dword ptr fs:[00000030h] | 5_2_01594260 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158823B mov eax, dword ptr fs:[00000030h] | 5_2_0158823B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A2C3 mov eax, dword ptr fs:[00000030h] | 5_2_0159A2C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A2C3 mov eax, dword ptr fs:[00000030h] | 5_2_0159A2C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A2C3 mov eax, dword ptr fs:[00000030h] | 5_2_0159A2C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A2C3 mov eax, dword ptr fs:[00000030h] | 5_2_0159A2C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A2C3 mov eax, dword ptr fs:[00000030h] | 5_2_0159A2C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A02E1 mov eax, dword ptr fs:[00000030h] | 5_2_015A02E1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A02E1 mov eax, dword ptr fs:[00000030h] | 5_2_015A02E1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A02E1 mov eax, dword ptr fs:[00000030h] | 5_2_015A02E1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016262A0 mov eax, dword ptr fs:[00000030h] | 5_2_016262A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016262A0 mov ecx, dword ptr fs:[00000030h] | 5_2_016262A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016262A0 mov eax, dword ptr fs:[00000030h] | 5_2_016262A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016262A0 mov eax, dword ptr fs:[00000030h] | 5_2_016262A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016262A0 mov eax, dword ptr fs:[00000030h] | 5_2_016262A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016262A0 mov eax, dword ptr fs:[00000030h] | 5_2_016262A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE284 mov eax, dword ptr fs:[00000030h] | 5_2_015CE284 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE284 mov eax, dword ptr fs:[00000030h] | 5_2_015CE284 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01610283 mov eax, dword ptr fs:[00000030h] | 5_2_01610283 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01610283 mov eax, dword ptr fs:[00000030h] | 5_2_01610283 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01610283 mov eax, dword ptr fs:[00000030h] | 5_2_01610283 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598550 mov eax, dword ptr fs:[00000030h] | 5_2_01598550 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598550 mov eax, dword ptr fs:[00000030h] | 5_2_01598550 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C656A mov eax, dword ptr fs:[00000030h] | 5_2_015C656A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C656A mov eax, dword ptr fs:[00000030h] | 5_2_015C656A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C656A mov eax, dword ptr fs:[00000030h] | 5_2_015C656A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01626500 mov eax, dword ptr fs:[00000030h] | 5_2_01626500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE53E mov eax, dword ptr fs:[00000030h] | 5_2_015BE53E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE53E mov eax, dword ptr fs:[00000030h] | 5_2_015BE53E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE53E mov eax, dword ptr fs:[00000030h] | 5_2_015BE53E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE53E mov eax, dword ptr fs:[00000030h] | 5_2_015BE53E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE53E mov eax, dword ptr fs:[00000030h] | 5_2_015BE53E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664500 mov eax, dword ptr fs:[00000030h] | 5_2_01664500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664500 mov eax, dword ptr fs:[00000030h] | 5_2_01664500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664500 mov eax, dword ptr fs:[00000030h] | 5_2_01664500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664500 mov eax, dword ptr fs:[00000030h] | 5_2_01664500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664500 mov eax, dword ptr fs:[00000030h] | 5_2_01664500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664500 mov eax, dword ptr fs:[00000030h] | 5_2_01664500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664500 mov eax, dword ptr fs:[00000030h] | 5_2_01664500 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0535 mov eax, dword ptr fs:[00000030h] | 5_2_015A0535 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0535 mov eax, dword ptr fs:[00000030h] | 5_2_015A0535 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0535 mov eax, dword ptr fs:[00000030h] | 5_2_015A0535 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0535 mov eax, dword ptr fs:[00000030h] | 5_2_015A0535 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0535 mov eax, dword ptr fs:[00000030h] | 5_2_015A0535 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0535 mov eax, dword ptr fs:[00000030h] | 5_2_015A0535 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015965D0 mov eax, dword ptr fs:[00000030h] | 5_2_015965D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA5D0 mov eax, dword ptr fs:[00000030h] | 5_2_015CA5D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA5D0 mov eax, dword ptr fs:[00000030h] | 5_2_015CA5D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE5CF mov eax, dword ptr fs:[00000030h] | 5_2_015CE5CF |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE5CF mov eax, dword ptr fs:[00000030h] | 5_2_015CE5CF |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC5ED mov eax, dword ptr fs:[00000030h] | 5_2_015CC5ED |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC5ED mov eax, dword ptr fs:[00000030h] | 5_2_015CC5ED |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015925E0 mov eax, dword ptr fs:[00000030h] | 5_2_015925E0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE5E7 mov eax, dword ptr fs:[00000030h] | 5_2_015BE5E7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE59C mov eax, dword ptr fs:[00000030h] | 5_2_015CE59C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016105A7 mov eax, dword ptr fs:[00000030h] | 5_2_016105A7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016105A7 mov eax, dword ptr fs:[00000030h] | 5_2_016105A7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016105A7 mov eax, dword ptr fs:[00000030h] | 5_2_016105A7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C4588 mov eax, dword ptr fs:[00000030h] | 5_2_015C4588 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01592582 mov eax, dword ptr fs:[00000030h] | 5_2_01592582 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01592582 mov ecx, dword ptr fs:[00000030h] | 5_2_01592582 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B45B1 mov eax, dword ptr fs:[00000030h] | 5_2_015B45B1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B45B1 mov eax, dword ptr fs:[00000030h] | 5_2_015B45B1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B245A mov eax, dword ptr fs:[00000030h] | 5_2_015B245A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161C460 mov ecx, dword ptr fs:[00000030h] | 5_2_0161C460 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158645D mov eax, dword ptr fs:[00000030h] | 5_2_0158645D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CE443 mov eax, dword ptr fs:[00000030h] | 5_2_015CE443 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BA470 mov eax, dword ptr fs:[00000030h] | 5_2_015BA470 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BA470 mov eax, dword ptr fs:[00000030h] | 5_2_015BA470 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BA470 mov eax, dword ptr fs:[00000030h] | 5_2_015BA470 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616420 mov eax, dword ptr fs:[00000030h] | 5_2_01616420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616420 mov eax, dword ptr fs:[00000030h] | 5_2_01616420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616420 mov eax, dword ptr fs:[00000030h] | 5_2_01616420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616420 mov eax, dword ptr fs:[00000030h] | 5_2_01616420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616420 mov eax, dword ptr fs:[00000030h] | 5_2_01616420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616420 mov eax, dword ptr fs:[00000030h] | 5_2_01616420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01616420 mov eax, dword ptr fs:[00000030h] | 5_2_01616420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C8402 mov eax, dword ptr fs:[00000030h] | 5_2_015C8402 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C8402 mov eax, dword ptr fs:[00000030h] | 5_2_015C8402 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C8402 mov eax, dword ptr fs:[00000030h] | 5_2_015C8402 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA430 mov eax, dword ptr fs:[00000030h] | 5_2_015CA430 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158E420 mov eax, dword ptr fs:[00000030h] | 5_2_0158E420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158E420 mov eax, dword ptr fs:[00000030h] | 5_2_0158E420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158E420 mov eax, dword ptr fs:[00000030h] | 5_2_0158E420 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158C427 mov eax, dword ptr fs:[00000030h] | 5_2_0158C427 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015904E5 mov ecx, dword ptr fs:[00000030h] | 5_2_015904E5 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161A4B0 mov eax, dword ptr fs:[00000030h] | 5_2_0161A4B0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C44B0 mov ecx, dword ptr fs:[00000030h] | 5_2_015C44B0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015964AB mov eax, dword ptr fs:[00000030h] | 5_2_015964AB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590750 mov eax, dword ptr fs:[00000030h] | 5_2_01590750 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2750 mov eax, dword ptr fs:[00000030h] | 5_2_015D2750 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2750 mov eax, dword ptr fs:[00000030h] | 5_2_015D2750 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C674D mov esi, dword ptr fs:[00000030h] | 5_2_015C674D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C674D mov eax, dword ptr fs:[00000030h] | 5_2_015C674D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C674D mov eax, dword ptr fs:[00000030h] | 5_2_015C674D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598770 mov eax, dword ptr fs:[00000030h] | 5_2_01598770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0770 mov eax, dword ptr fs:[00000030h] | 5_2_015A0770 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01614755 mov eax, dword ptr fs:[00000030h] | 5_2_01614755 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161E75D mov eax, dword ptr fs:[00000030h] | 5_2_0161E75D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590710 mov eax, dword ptr fs:[00000030h] | 5_2_01590710 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C0710 mov eax, dword ptr fs:[00000030h] | 5_2_015C0710 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160C730 mov eax, dword ptr fs:[00000030h] | 5_2_0160C730 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC700 mov eax, dword ptr fs:[00000030h] | 5_2_015CC700 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C273C mov eax, dword ptr fs:[00000030h] | 5_2_015C273C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C273C mov ecx, dword ptr fs:[00000030h] | 5_2_015C273C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C273C mov eax, dword ptr fs:[00000030h] | 5_2_015C273C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC720 mov eax, dword ptr fs:[00000030h] | 5_2_015CC720 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC720 mov eax, dword ptr fs:[00000030h] | 5_2_015CC720 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161E7E1 mov eax, dword ptr fs:[00000030h] | 5_2_0161E7E1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159C7C0 mov eax, dword ptr fs:[00000030h] | 5_2_0159C7C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016107C3 mov eax, dword ptr fs:[00000030h] | 5_2_016107C3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015947FB mov eax, dword ptr fs:[00000030h] | 5_2_015947FB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015947FB mov eax, dword ptr fs:[00000030h] | 5_2_015947FB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B27ED mov eax, dword ptr fs:[00000030h] | 5_2_015B27ED |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B27ED mov eax, dword ptr fs:[00000030h] | 5_2_015B27ED |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B27ED mov eax, dword ptr fs:[00000030h] | 5_2_015B27ED |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163678E mov eax, dword ptr fs:[00000030h] | 5_2_0163678E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015907AF mov eax, dword ptr fs:[00000030h] | 5_2_015907AF |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165866E mov eax, dword ptr fs:[00000030h] | 5_2_0165866E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165866E mov eax, dword ptr fs:[00000030h] | 5_2_0165866E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AC640 mov eax, dword ptr fs:[00000030h] | 5_2_015AC640 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C2674 mov eax, dword ptr fs:[00000030h] | 5_2_015C2674 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA660 mov eax, dword ptr fs:[00000030h] | 5_2_015CA660 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA660 mov eax, dword ptr fs:[00000030h] | 5_2_015CA660 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D2619 mov eax, dword ptr fs:[00000030h] | 5_2_015D2619 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A260B mov eax, dword ptr fs:[00000030h] | 5_2_015A260B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A260B mov eax, dword ptr fs:[00000030h] | 5_2_015A260B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A260B mov eax, dword ptr fs:[00000030h] | 5_2_015A260B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A260B mov eax, dword ptr fs:[00000030h] | 5_2_015A260B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A260B mov eax, dword ptr fs:[00000030h] | 5_2_015A260B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A260B mov eax, dword ptr fs:[00000030h] | 5_2_015A260B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A260B mov eax, dword ptr fs:[00000030h] | 5_2_015A260B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E609 mov eax, dword ptr fs:[00000030h] | 5_2_0160E609 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159262C mov eax, dword ptr fs:[00000030h] | 5_2_0159262C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C6620 mov eax, dword ptr fs:[00000030h] | 5_2_015C6620 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C8620 mov eax, dword ptr fs:[00000030h] | 5_2_015C8620 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AE627 mov eax, dword ptr fs:[00000030h] | 5_2_015AE627 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016106F1 mov eax, dword ptr fs:[00000030h] | 5_2_016106F1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016106F1 mov eax, dword ptr fs:[00000030h] | 5_2_016106F1 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E6F2 mov eax, dword ptr fs:[00000030h] | 5_2_0160E6F2 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E6F2 mov eax, dword ptr fs:[00000030h] | 5_2_0160E6F2 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E6F2 mov eax, dword ptr fs:[00000030h] | 5_2_0160E6F2 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E6F2 mov eax, dword ptr fs:[00000030h] | 5_2_0160E6F2 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA6C7 mov ebx, dword ptr fs:[00000030h] | 5_2_015CA6C7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA6C7 mov eax, dword ptr fs:[00000030h] | 5_2_015CA6C7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01594690 mov eax, dword ptr fs:[00000030h] | 5_2_01594690 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01594690 mov eax, dword ptr fs:[00000030h] | 5_2_01594690 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C66B0 mov eax, dword ptr fs:[00000030h] | 5_2_015C66B0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC6A6 mov eax, dword ptr fs:[00000030h] | 5_2_015CC6A6 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01634978 mov eax, dword ptr fs:[00000030h] | 5_2_01634978 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01634978 mov eax, dword ptr fs:[00000030h] | 5_2_01634978 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161C97C mov eax, dword ptr fs:[00000030h] | 5_2_0161C97C |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01610946 mov eax, dword ptr fs:[00000030h] | 5_2_01610946 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D096E mov eax, dword ptr fs:[00000030h] | 5_2_015D096E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D096E mov edx, dword ptr fs:[00000030h] | 5_2_015D096E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015D096E mov eax, dword ptr fs:[00000030h] | 5_2_015D096E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B6962 mov eax, dword ptr fs:[00000030h] | 5_2_015B6962 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B6962 mov eax, dword ptr fs:[00000030h] | 5_2_015B6962 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B6962 mov eax, dword ptr fs:[00000030h] | 5_2_015B6962 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01588918 mov eax, dword ptr fs:[00000030h] | 5_2_01588918 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01588918 mov eax, dword ptr fs:[00000030h] | 5_2_01588918 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0162892B mov eax, dword ptr fs:[00000030h] | 5_2_0162892B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161892A mov eax, dword ptr fs:[00000030h] | 5_2_0161892A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E908 mov eax, dword ptr fs:[00000030h] | 5_2_0160E908 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160E908 mov eax, dword ptr fs:[00000030h] | 5_2_0160E908 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161C912 mov eax, dword ptr fs:[00000030h] | 5_2_0161C912 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161E9E0 mov eax, dword ptr fs:[00000030h] | 5_2_0161E9E0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A9D0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A9D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A9D0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A9D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A9D0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A9D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A9D0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A9D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A9D0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A9D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159A9D0 mov eax, dword ptr fs:[00000030h] | 5_2_0159A9D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C49D0 mov eax, dword ptr fs:[00000030h] | 5_2_015C49D0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016269C0 mov eax, dword ptr fs:[00000030h] | 5_2_016269C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C29F9 mov eax, dword ptr fs:[00000030h] | 5_2_015C29F9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C29F9 mov eax, dword ptr fs:[00000030h] | 5_2_015C29F9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165A9D3 mov eax, dword ptr fs:[00000030h] | 5_2_0165A9D3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016189B3 mov esi, dword ptr fs:[00000030h] | 5_2_016189B3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016189B3 mov eax, dword ptr fs:[00000030h] | 5_2_016189B3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_016189B3 mov eax, dword ptr fs:[00000030h] | 5_2_016189B3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015909AD mov eax, dword ptr fs:[00000030h] | 5_2_015909AD |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015909AD mov eax, dword ptr fs:[00000030h] | 5_2_015909AD |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A29A0 mov eax, dword ptr fs:[00000030h] | 5_2_015A29A0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01594859 mov eax, dword ptr fs:[00000030h] | 5_2_01594859 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01594859 mov eax, dword ptr fs:[00000030h] | 5_2_01594859 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C0854 mov eax, dword ptr fs:[00000030h] | 5_2_015C0854 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01626870 mov eax, dword ptr fs:[00000030h] | 5_2_01626870 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01626870 mov eax, dword ptr fs:[00000030h] | 5_2_01626870 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161E872 mov eax, dword ptr fs:[00000030h] | 5_2_0161E872 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161E872 mov eax, dword ptr fs:[00000030h] | 5_2_0161E872 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A2840 mov ecx, dword ptr fs:[00000030h] | 5_2_015A2840 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163483A mov eax, dword ptr fs:[00000030h] | 5_2_0163483A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163483A mov eax, dword ptr fs:[00000030h] | 5_2_0163483A |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CA830 mov eax, dword ptr fs:[00000030h] | 5_2_015CA830 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B2835 mov eax, dword ptr fs:[00000030h] | 5_2_015B2835 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B2835 mov eax, dword ptr fs:[00000030h] | 5_2_015B2835 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B2835 mov eax, dword ptr fs:[00000030h] | 5_2_015B2835 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B2835 mov ecx, dword ptr fs:[00000030h] | 5_2_015B2835 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B2835 mov eax, dword ptr fs:[00000030h] | 5_2_015B2835 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B2835 mov eax, dword ptr fs:[00000030h] | 5_2_015B2835 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161C810 mov eax, dword ptr fs:[00000030h] | 5_2_0161C810 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165A8E4 mov eax, dword ptr fs:[00000030h] | 5_2_0165A8E4 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BE8C0 mov eax, dword ptr fs:[00000030h] | 5_2_015BE8C0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC8F9 mov eax, dword ptr fs:[00000030h] | 5_2_015CC8F9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CC8F9 mov eax, dword ptr fs:[00000030h] | 5_2_015CC8F9 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590887 mov eax, dword ptr fs:[00000030h] | 5_2_01590887 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161C89D mov eax, dword ptr fs:[00000030h] | 5_2_0161C89D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01638B42 mov eax, dword ptr fs:[00000030h] | 5_2_01638B42 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01626B40 mov eax, dword ptr fs:[00000030h] | 5_2_01626B40 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01626B40 mov eax, dword ptr fs:[00000030h] | 5_2_01626B40 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0165AB40 mov eax, dword ptr fs:[00000030h] | 5_2_0165AB40 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158CB7E mov eax, dword ptr fs:[00000030h] | 5_2_0158CB7E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01658B28 mov eax, dword ptr fs:[00000030h] | 5_2_01658B28 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01658B28 mov eax, dword ptr fs:[00000030h] | 5_2_01658B28 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BEB20 mov eax, dword ptr fs:[00000030h] | 5_2_015BEB20 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BEB20 mov eax, dword ptr fs:[00000030h] | 5_2_015BEB20 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160EB1D mov eax, dword ptr fs:[00000030h] | 5_2_0160EB1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B0BCB mov eax, dword ptr fs:[00000030h] | 5_2_015B0BCB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B0BCB mov eax, dword ptr fs:[00000030h] | 5_2_015B0BCB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B0BCB mov eax, dword ptr fs:[00000030h] | 5_2_015B0BCB |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161CBF0 mov eax, dword ptr fs:[00000030h] | 5_2_0161CBF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590BCD mov eax, dword ptr fs:[00000030h] | 5_2_01590BCD |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590BCD mov eax, dword ptr fs:[00000030h] | 5_2_01590BCD |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590BCD mov eax, dword ptr fs:[00000030h] | 5_2_01590BCD |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BEBFC mov eax, dword ptr fs:[00000030h] | 5_2_015BEBFC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598BF0 mov eax, dword ptr fs:[00000030h] | 5_2_01598BF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598BF0 mov eax, dword ptr fs:[00000030h] | 5_2_01598BF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598BF0 mov eax, dword ptr fs:[00000030h] | 5_2_01598BF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0163EBD0 mov eax, dword ptr fs:[00000030h] | 5_2_0163EBD0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0BBE mov eax, dword ptr fs:[00000030h] | 5_2_015A0BBE |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0BBE mov eax, dword ptr fs:[00000030h] | 5_2_015A0BBE |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0A5B mov eax, dword ptr fs:[00000030h] | 5_2_015A0A5B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015A0A5B mov eax, dword ptr fs:[00000030h] | 5_2_015A0A5B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596A50 mov eax, dword ptr fs:[00000030h] | 5_2_01596A50 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596A50 mov eax, dword ptr fs:[00000030h] | 5_2_01596A50 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596A50 mov eax, dword ptr fs:[00000030h] | 5_2_01596A50 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596A50 mov eax, dword ptr fs:[00000030h] | 5_2_01596A50 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596A50 mov eax, dword ptr fs:[00000030h] | 5_2_01596A50 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596A50 mov eax, dword ptr fs:[00000030h] | 5_2_01596A50 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01596A50 mov eax, dword ptr fs:[00000030h] | 5_2_01596A50 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160CA72 mov eax, dword ptr fs:[00000030h] | 5_2_0160CA72 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0160CA72 mov eax, dword ptr fs:[00000030h] | 5_2_0160CA72 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CCA6F mov eax, dword ptr fs:[00000030h] | 5_2_015CCA6F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CCA6F mov eax, dword ptr fs:[00000030h] | 5_2_015CCA6F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CCA6F mov eax, dword ptr fs:[00000030h] | 5_2_015CCA6F |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CCA38 mov eax, dword ptr fs:[00000030h] | 5_2_015CCA38 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B4A35 mov eax, dword ptr fs:[00000030h] | 5_2_015B4A35 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015B4A35 mov eax, dword ptr fs:[00000030h] | 5_2_015B4A35 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0161CA11 mov eax, dword ptr fs:[00000030h] | 5_2_0161CA11 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BEA2E mov eax, dword ptr fs:[00000030h] | 5_2_015BEA2E |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CCA24 mov eax, dword ptr fs:[00000030h] | 5_2_015CCA24 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590AD0 mov eax, dword ptr fs:[00000030h] | 5_2_01590AD0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C4AD0 mov eax, dword ptr fs:[00000030h] | 5_2_015C4AD0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C4AD0 mov eax, dword ptr fs:[00000030h] | 5_2_015C4AD0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015E6ACC mov eax, dword ptr fs:[00000030h] | 5_2_015E6ACC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015E6ACC mov eax, dword ptr fs:[00000030h] | 5_2_015E6ACC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015E6ACC mov eax, dword ptr fs:[00000030h] | 5_2_015E6ACC |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CAAEE mov eax, dword ptr fs:[00000030h] | 5_2_015CAAEE |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015CAAEE mov eax, dword ptr fs:[00000030h] | 5_2_015CAAEE |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C8A90 mov edx, dword ptr fs:[00000030h] | 5_2_015C8A90 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159EA80 mov eax, dword ptr fs:[00000030h] | 5_2_0159EA80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01664A80 mov eax, dword ptr fs:[00000030h] | 5_2_01664A80 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598AA0 mov eax, dword ptr fs:[00000030h] | 5_2_01598AA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598AA0 mov eax, dword ptr fs:[00000030h] | 5_2_01598AA0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015E6AA4 mov eax, dword ptr fs:[00000030h] | 5_2_015E6AA4 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590D59 mov eax, dword ptr fs:[00000030h] | 5_2_01590D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590D59 mov eax, dword ptr fs:[00000030h] | 5_2_01590D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01590D59 mov eax, dword ptr fs:[00000030h] | 5_2_01590D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598D59 mov eax, dword ptr fs:[00000030h] | 5_2_01598D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598D59 mov eax, dword ptr fs:[00000030h] | 5_2_01598D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598D59 mov eax, dword ptr fs:[00000030h] | 5_2_01598D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598D59 mov eax, dword ptr fs:[00000030h] | 5_2_01598D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01598D59 mov eax, dword ptr fs:[00000030h] | 5_2_01598D59 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01628D6B mov eax, dword ptr fs:[00000030h] | 5_2_01628D6B |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015C4D1D mov eax, dword ptr fs:[00000030h] | 5_2_015C4D1D |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01618D20 mov eax, dword ptr fs:[00000030h] | 5_2_01618D20 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01586D10 mov eax, dword ptr fs:[00000030h] | 5_2_01586D10 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01586D10 mov eax, dword ptr fs:[00000030h] | 5_2_01586D10 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01586D10 mov eax, dword ptr fs:[00000030h] | 5_2_01586D10 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AAD00 mov eax, dword ptr fs:[00000030h] | 5_2_015AAD00 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AAD00 mov eax, dword ptr fs:[00000030h] | 5_2_015AAD00 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015AAD00 mov eax, dword ptr fs:[00000030h] | 5_2_015AAD00 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01648D10 mov eax, dword ptr fs:[00000030h] | 5_2_01648D10 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01648D10 mov eax, dword ptr fs:[00000030h] | 5_2_01648D10 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BEDD3 mov eax, dword ptr fs:[00000030h] | 5_2_015BEDD3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BEDD3 mov eax, dword ptr fs:[00000030h] | 5_2_015BEDD3 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01630DF0 mov eax, dword ptr fs:[00000030h] | 5_2_01630DF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01630DF0 mov eax, dword ptr fs:[00000030h] | 5_2_01630DF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BCDF0 mov eax, dword ptr fs:[00000030h] | 5_2_015BCDF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_015BCDF0 mov ecx, dword ptr fs:[00000030h] | 5_2_015BCDF0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01586DF6 mov eax, dword ptr fs:[00000030h] | 5_2_01586DF6 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158CDEA mov eax, dword ptr fs:[00000030h] | 5_2_0158CDEA |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0158CDEA mov eax, dword ptr fs:[00000030h] | 5_2_0158CDEA |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01614DD7 mov eax, dword ptr fs:[00000030h] | 5_2_01614DD7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_01614DD7 mov eax, dword ptr fs:[00000030h] | 5_2_01614DD7 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159ADE0 mov eax, dword ptr fs:[00000030h] | 5_2_0159ADE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159ADE0 mov eax, dword ptr fs:[00000030h] | 5_2_0159ADE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159ADE0 mov eax, dword ptr fs:[00000030h] | 5_2_0159ADE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159ADE0 mov eax, dword ptr fs:[00000030h] | 5_2_0159ADE0 |
Source: C:\Users\user\Desktop\TEKLIF 2002509.exe | Code function: 5_2_0159ADE0 mov eax, dword ptr fs:[00000030h] | 5_2_0159ADE0 |