Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: clearancek.site |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: licendfilteo.site |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: spirittunek.stor |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: bathdoomgaz.stor |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: studennotediw.stor |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: dissapoiznw.stor |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: eaglepawnoy.stor |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: mobbipenju.stor |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: spirittunek.stor |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: Workgroup: - |
Source: 00000005.00000002.2419628160.0000000000BCC000.00000004.00000001.01000000.00000009.sdmp |
String decryptor: H8NgCl-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree, |
1_2_004080A1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00411E5D CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA, |
1_2_00411E5D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
1_2_00408048 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040A7D8 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA, |
1_2_0040A7D8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6C426C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, |
1_2_6C426C80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6C57A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util, |
1_2_6C57A9A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6C574440 PK11_PrivDecrypt, |
1_2_6C574440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6C544420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free, |
1_2_6C544420 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6C5744C0 PK11_PubEncrypt, |
1_2_6C5744C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6C5C25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt, |
1_2_6C5C25B0 |
Source: |
Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2767304923.0000000023B1D000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2786908223.000000006C48D000.00000002.00000001.01000000.00000008.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr |
Source: |
Binary string: freebl3.pdb source: MSBuild.exe, 00000001.00000002.2763898778.000000001DBA6000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr |
Source: |
Binary string: freebl3.pdbp source: MSBuild.exe, 00000001.00000002.2763898778.000000001DBA6000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr |
Source: |
Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2787782401.000000006C64F000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.2780051549.000000003B8D7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr |
Source: |
Binary string: softokn3.pdb@ source: MSBuild.exe, 00000001.00000002.2773771439.000000002F9F5000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000001.00000002.2777002776.0000000035961000.00000004.00000020.00020000.00000000.sdmp, vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000001.00000002.2770383080.0000000029A88000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.1.dr, msvcp140[1].dll.1.dr |
Source: |
Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2787782401.000000006C64F000.00000002.00000001.01000000.00000007.sdmp, MSBuild.exe, 00000001.00000002.2780051549.000000003B8D7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr |
Source: |
Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2759657660.00000000178EA000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2763587529.000000001D858000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.1.dr |
Source: |
Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2767304923.0000000023B1D000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2786908223.000000006C48D000.00000002.00000001.01000000.00000008.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr |
Source: |
Binary string: softokn3.pdb source: MSBuild.exe, 00000001.00000002.2773771439.000000002F9F5000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_00AE980F FindFirstFileExW, |
0_2_00AE980F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0041543D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
1_2_0041543D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00414CC8 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose, |
1_2_00414CC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00409D1C FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
1_2_00409D1C |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040D5C6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
1_2_0040D5C6 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040B5DF FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
1_2_0040B5DF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
1_2_00401D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040BF4D FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
1_2_0040BF4D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00415FD1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
1_2_00415FD1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040B93F FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
1_2_0040B93F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00415B0B GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
1_2_00415B0B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040CD37 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, |
1_2_0040CD37 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 5_2_00BB980F FindFirstFileExW, |
5_2_00BB980F |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov eax, dword ptr fs:[00000030h] |
0_2_00AFD38D |
Source: C:\Users\user\Desktop\file.exe |
Code function: 4x nop then mov dword ptr [ebp-04h], eax |
0_2_00AFD38D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4x nop then mov eax, dword ptr fs:[00000030h] |
1_2_004014AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4x nop then mov dword ptr [ebp-04h], eax |
1_2_004014AD |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov ebp, eax |
5_2_00BD61E0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [eax], dx |
5_2_00BEE140 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [esi], ax |
5_2_00BEE140 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
5_2_00C12298 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
5_2_00BFE2C0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
5_2_00BF83B7 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
5_2_00C12398 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
5_2_00BE2416 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
5_2_00BFA572 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [eax], dx |
5_2_00BEE548 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
5_2_00C126CF |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
5_2_00BD0880 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h |
5_2_00BF482C |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h |
5_2_00C1283B |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
5_2_00C10920 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
5_2_00BFCA60 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h |
5_2_00BF8BB0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00BF8BB0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h |
5_2_00BF8BB0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h |
5_2_00BFAB28 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [edx], ax |
5_2_00BF6B71 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp eax |
5_2_00BF6B50 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
5_2_00BE2CC2 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp eax |
5_2_00BF4C23 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00C14C6A |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
5_2_00BD2D80 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
5_2_00BDCDCC |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov edi, ecx |
5_2_00BE0D0A |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov ecx, dword ptr [edx] |
5_2_00BCCEE0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
5_2_00BE2E71 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp ecx |
5_2_00BD4FB8 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00BD8FF0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00BD8FF0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
5_2_00BFEFDD |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
5_2_00BFEF7C |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then dec ebx |
5_2_00C0AF10 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
5_2_00BF90C1 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx ebx, word ptr [ecx] |
5_2_00BF7059 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
5_2_00BE72F0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [eax], cx |
5_2_00BE93C7 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
5_2_00C0D320 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh |
5_2_00C13400 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
5_2_00C135F0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
5_2_00C07530 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
5_2_00BF968F |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00C11609 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [eax], cx |
5_2_00BF5667 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, ebx |
5_2_00BE1655 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h |
5_2_00BEB8A4 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
5_2_00C158B0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov byte ptr [edi], al |
5_2_00BFF81B |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h |
5_2_00C0F800 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h |
5_2_00BE9872 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp dword ptr [0044FDB4h] |
5_2_00BE1851 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp eax |
5_2_00BDD9AD |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
5_2_00BD1930 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp eax |
5_2_00BDD91C |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
5_2_00BFF945 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
5_2_00BF3AE0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
5_2_00BDDACE |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
5_2_00C15A40 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] |
5_2_00BE9A4F |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00C15BC0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh |
5_2_00C15BC0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
5_2_00BDBB80 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov byte ptr [edi], al |
5_2_00BFFB2A |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov byte ptr [edi], al |
5_2_00BFFB4B |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh |
5_2_00C0BB3E |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
5_2_00BF9C89 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then movzx ecx, word ptr [ebp+00h] |
5_2_00BD7D90 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
5_2_00BDDD73 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00BF1D50 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [eax], cx |
5_2_00BF3D40 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov word ptr [edx], 0000h |
5_2_00BEBEBF |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h |
5_2_00C13EA0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00C13EA0 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp eax |
5_2_00BF5ECC |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp ecx |
5_2_00C11EB6 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
5_2_00C0BE50 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh |
5_2_00BFBF38 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
5_2_00BFFF20 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+14h] |
5_2_00BFFF20 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then jmp ecx |
5_2_00C11F74 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
5_2_00BDFF77 |
Source: C:\ProgramData\KJEHJKJEBG.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
5_2_00C0FF20 |