Source: 00000008.00000002.2228944869.00000000001DD000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000008.00000002.2228944869.00000000001DD000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000008.00000002.2228944869.00000000001DD000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000008.00000002.2228944869.00000000001DD000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000008.00000002.2228944869.00000000001DD000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: Workgroup: - |
Source: 00000008.00000002.2228944869.00000000001DD000.00000004.00000001.01000000.0000000A.sdmp |
String decryptor: H8NgCl-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00411E32 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040A7AD _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6CB66C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_6CCBA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util, |
Source: |
Binary string: freebl3.pdb source: MSBuild.exe, 00000001.00000002.2239224281.0000000020578000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr |
Source: |
Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2241622984.00000000264E2000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2257843409.000000006CBCD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr |
Source: |
Binary string: freebl3.pdbp source: MSBuild.exe, 00000001.00000002.2239224281.0000000020578000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr, freebl3[1].dll.1.dr |
Source: |
Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2259380459.000000006CD8F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.2251682068.000000003E2AE000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr |
Source: |
Binary string: softokn3.pdb@ source: MSBuild.exe, 00000001.00000002.2246850104.00000000323C1000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000001.00000002.2249159673.0000000038339000.00000004.00000020.00020000.00000000.sdmp, vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000001.00000002.2244107241.000000002C45F000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.1.dr, msvcp140[1].dll.1.dr |
Source: |
Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2259380459.000000006CD8F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000001.00000002.2251682068.000000003E2AE000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr |
Source: |
Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2238905953.0000000020218000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2231134063.000000001A2AE000.00000004.00000020.00020000.00000000.sdmp, sql[1].dll.1.dr |
Source: |
Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2241622984.00000000264E2000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2257843409.000000006CBCD000.00000002.00000001.01000000.00000009.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr |
Source: |
Binary string: softokn3.pdb source: MSBuild.exe, 00000001.00000002.2246850104.00000000323C1000.00000004.00000020.00020000.00000000.sdmp, softokn3[1].dll.1.dr, softokn3.dll.1.dr |
Source: C:\Users\user\Desktop\T2bmenoX1o.exe |
Code function: 0_2_00DC9ABF FindFirstFileExW, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00416013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0041547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00409CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00414D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_00415B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 1_2_0040CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, |
Source: C:\ProgramData\AAFIIJDAAA.exe |
Code function: 8_2_001C9ABF FindFirstFileExW, |