Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: absorptioniw.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: mysterisop.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: snarlypagowo.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: treatynreit.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: chorusarorp.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: abnomalrkmu.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: soldiefieop.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: questionsmw.stor |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: soldiefieop.site |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: - Screen Resoluton: |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: Workgroup: - |
Source: 0000000D.00000002.2185212065.0000000000B18000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: H8NgCl-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree, |
4_2_004080A1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
4_2_00408048 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_00411E5D CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, |
4_2_00411E5D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA, |
4_2_0040A7D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_6C896C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, |
4_2_6C896C80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_6C9EA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util, |
4_2_6C9EA9A0 |
Source: |
Binary string: freebl3.pdb source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr |
Source: |
Binary string: mozglue.pdbP source: MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.4.dr |
Source: |
Binary string: freebl3.pdbp source: MSBuild.exe, 00000004.00000002.2202720214.000000002047C000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.4.dr |
Source: |
Binary string: nss3.pdb@ source: MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.dr |
Source: |
Binary string: softokn3.pdb@ source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000004.00000002.2221135617.000000003823A000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.4.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000004.00000002.2215082591.000000002C352000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.4.dr |
Source: |
Binary string: nss3.pdb source: MSBuild.exe, 00000004.00000002.2224013548.000000003E1AE000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2231687114.000000006CABF000.00000002.00000001.01000000.00000008.sdmp, nss3.dll.4.dr |
Source: |
Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000004.00000002.2201069004.000000001FE28000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2196301722.0000000019EB0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mozglue.pdb source: MSBuild.exe, 00000004.00000002.2211910779.00000000263E4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2230729954.000000006C8FD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.4.dr |
Source: |
Binary string: softokn3.pdb source: MSBuild.exe, 00000004.00000002.2218332574.00000000322C9000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.4.dr |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0062735B FindFirstFileExW, |
0_2_0062735B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
4_2_0041543D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose, |
4_2_00414CC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
4_2_00409D1C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
4_2_0040D5C6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
4_2_0040B5DF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
4_2_00401D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
4_2_0040BF4D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
4_2_00415FD1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
4_2_0040B93F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
4_2_00415B0B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, |
4_2_0040CD37 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 13_2_00B0735B FindFirstFileExW, |
13_2_00B0735B |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr fs:[00000030h] |
0_2_00639385 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov dword ptr [ebp-04h], eax |
0_2_00639385 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4x nop then mov eax, dword ptr fs:[00000030h] |
4_2_004014AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4x nop then mov dword ptr [ebp-04h], eax |
4_2_004014AD |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4A08D |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx esi, byte ptr [edx+eax-01h] |
13_2_00B240E8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx edx, word ptr [esp+eax*4+000000ACh] |
13_2_00B240E8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4A004 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+20h] |
13_2_00B2E1F1 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
13_2_00B2C16C |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov word ptr [edx], ax |
13_2_00B42158 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4A3E0 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4A3D9 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx ecx, word ptr [edi] |
13_2_00B424F8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
13_2_00B2E448 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov ebx, eax |
13_2_00B22558 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov ebp, eax |
13_2_00B22558 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp al, 2Eh |
13_2_00B446B7 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+14h] |
13_2_00B426A8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then jmp eax |
13_2_00B42778 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
13_2_00B449E3 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
13_2_00B5EABD |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
13_2_00B1CA28 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4AA72 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
13_2_00B5EB32 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
13_2_00B5CB68 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then jmp dword ptr [00451A70h] |
13_2_00B46C40 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h |
13_2_00B38C49 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esi+08h] |
13_2_00B2AD3A |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
13_2_00B46D18 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx eax, byte ptr [ebx+edx-06h] |
13_2_00B1ED08 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx esi, byte ptr [edx+ebp] |
13_2_00B1ED08 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
13_2_00B32ED8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
13_2_00B3EEC8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+24h] |
13_2_00B44E06 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esi+00000080h] |
13_2_00B2AE05 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4AE60 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4AE60 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
13_2_00B4AE60 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [edi], al |
13_2_00B4AE60 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov word ptr [eax], dx |
13_2_00B38FA8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov esi, ebx |
13_2_00B60F90 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h |
13_2_00B370AE |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
13_2_00B2B034 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
13_2_00B41018 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
13_2_00B5D063 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov dword ptr [esp+34h], edx |
13_2_00B191CA |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov word ptr [eax], cx |
13_2_00B3F128 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov word ptr [eax], cx |
13_2_00B3F128 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+00000688h] |
13_2_00B352C4 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then dec ebx |
13_2_00B572C8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
13_2_00B2D225 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
13_2_00B2D215 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov dword ptr [esp+08h], ecx |
13_2_00B1925D |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], D518DBA1h |
13_2_00B573B8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], D1A85EEEh |
13_2_00B573B8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
13_2_00B453BA |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov dword ptr [esp+18h], 3602043Ah |
13_2_00B473A0 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov dword ptr [esp+50h], 00000000h |
13_2_00B2D394 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov word ptr [eax], dx |
13_2_00B393D1 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh |
13_2_00B5F508 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
13_2_00B59578 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+68h] |
13_2_00B5F6F8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000000D0h] |
13_2_00B3560A |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-000000C0h] |
13_2_00B277EF |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+24h] |
13_2_00B458E2 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
13_2_00B618E8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
13_2_00B538C8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+54h] |
13_2_00B37A89 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
13_2_00B4BAD6 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
13_2_00B4BAD6 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
13_2_00B4BAD6 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov byte ptr [ebx], al |
13_2_00B4BAD6 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
13_2_00B1DAD8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
13_2_00B27AD8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h |
13_2_00B5BA38 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp byte ptr [ebp+ebx+00h], 00000000h |
13_2_00B45A23 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
13_2_00B61A78 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then jmp dword ptr [0045042Ch] |
13_2_00B37A4B |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
13_2_00B2BBF4 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h |
13_2_00B61BF8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh |
13_2_00B61BF8 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
13_2_00B43B2E |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp eax, C0000004h |
13_2_00B35CD6 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
13_2_00B5BC78 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then xor eax, eax |
13_2_00B43DCE |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
13_2_00B25E98 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov eax, dword ptr [esp+10h] |
13_2_00B25E98 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then jmp eax |
13_2_00B2DE12 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 69F07BF2h |
13_2_00B3FE00 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
13_2_00B47F88 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 64567875h |
13_2_00B5BF18 |
Source: C:\ProgramData\CBFCFBFBFB.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h |
13_2_00B5FF78 |