Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: wickedneatr.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: invinjurhey.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: laddyirekyi.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: exilepolsiy.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: bemuzzeki.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: exemplarou.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: isoplethui.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: frizzettei.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: exemplarou.sbs |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: lid=%s&j=%s&ver=4.0 |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: TeslaBrowser/5.5 |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: - Screen Resoluton: |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: - Physical Installed Memory: |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: Workgroup: - |
Source: 00000010.00000002.1786194225.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String decryptor: H8NgCl-- |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_004080A1 CryptUnprotectData,LocalAlloc,LocalFree, |
5_2_004080A1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_00408048 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree, |
5_2_00408048 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_00411E32 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA, |
5_2_00411E32 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_0040A7AD _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA, |
5_2_0040A7AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2CA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util, |
5_2_6D2CA9A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D3125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt, |
5_2_6D3125B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D294420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free, |
5_2_6D294420 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2C4440 PK11_PrivDecrypt, |
5_2_6D2C4440 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2C44C0 PK11_PubEncrypt, |
5_2_6D2C44C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2EA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError, |
5_2_6D2EA730 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2A8670 PK11_ExportEncryptedPrivKeyInfo, |
5_2_6D2A8670 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2CA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext, |
5_2_6D2CA650 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2AE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free, |
5_2_6D2AE6E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2F0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util, |
5_2_6D2F0180 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2C43B0 PK11_PubEncryptPKCS1,PR_SetError, |
5_2_6D2C43B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2EBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy, |
5_2_6D2EBD30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2A7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey, |
5_2_6D2A7D60 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2E7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util, |
5_2_6D2E7C00 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2C3FF0 PK11_PrivDecryptPKCS1, |
5_2_6D2C3FF0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2E9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo, |
5_2_6D2E9EC0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2C9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate, |
5_2_6D2C9840 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2C3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError, |
5_2_6D2C3850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_6D2EDA40 SEC_PKCS7ContentIsEncrypted, |
5_2_6D2EDA40 |
Source: |
Binary string: mozglue.pdbP source: MSBuild.exe, 00000005.00000002.1817684509.000000006D63D000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000005.00000002.1791760562.0000000026397000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.5.dr, mozglue[1].dll.5.dr |
Source: |
Binary string: freebl3.pdb source: MSBuild.exe, 00000005.00000002.1788989987.000000002042F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.5.dr, freebl3[1].dll.5.dr |
Source: |
Binary string: freebl3.pdbp source: MSBuild.exe, 00000005.00000002.1788989987.000000002042F000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.5.dr, freebl3[1].dll.5.dr |
Source: |
Binary string: nss3.pdb@ source: MSBuild.exe, 00000005.00000002.1817017421.000000006D39F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000005.00000002.1802800143.000000003E153000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.5.dr, nss3[1].dll.5.dr |
Source: |
Binary string: softokn3.pdb@ source: MSBuild.exe, 00000005.00000002.1797401893.0000000032271000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.5.dr, softokn3[1].dll.5.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000005.00000002.1800280648.00000000381EE000.00000004.00000020.00020000.00000000.sdmp, vcruntime140[1].dll.5.dr, vcruntime140.dll.5.dr |
Source: |
Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000005.00000002.1794363422.000000002C30A000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.5.dr, msvcp140[1].dll.5.dr |
Source: |
Binary string: nss3.pdb source: MSBuild.exe, 00000005.00000002.1817017421.000000006D39F000.00000002.00000001.01000000.00000008.sdmp, MSBuild.exe, 00000005.00000002.1802800143.000000003E153000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.5.dr, nss3[1].dll.5.dr |
Source: |
Binary string: mozglue.pdb source: MSBuild.exe, 00000005.00000002.1817684509.000000006D63D000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000005.00000002.1791760562.0000000026397000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.5.dr, mozglue[1].dll.5.dr |
Source: |
Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000005.00000002.1778653897.000000001A032000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000005.00000002.1788346120.000000001FFA8000.00000002.00001000.00020000.00000000.sdmp, sql[1].dll.5.dr |
Source: |
Binary string: softokn3.pdb source: MSBuild.exe, 00000005.00000002.1797401893.0000000032271000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.5.dr, softokn3[1].dll.5.dr |
Source: C:\Users\user\Desktop\VmRHSCaiyc.exe |
Code function: 4_2_00369ABF FindFirstFileExW, |
4_2_00369ABF |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_00416013 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
5_2_00416013 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_0041547D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose, |
5_2_0041547D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_00409CF1 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
5_2_00409CF1 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_00414D08 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose, |
5_2_00414D08 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_00401D80 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
5_2_00401D80 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_0040D59B FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
5_2_0040D59B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_0040B5B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose, |
5_2_0040B5B4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_0040BF22 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA, |
5_2_0040BF22 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_0040B914 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose, |
5_2_0040B914 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_00415B4D GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA, |
5_2_00415B4D |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 5_2_0040CD0C wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose, |
5_2_0040CD0C |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 15_2_002E9ABF FindFirstFileExW, |
15_2_002E9ABF |
Source: C:\Users\user\Desktop\VmRHSCaiyc.exe |
Code function: 4x nop then mov eax, dword ptr fs:[00000030h] |
4_2_0037E385 |
Source: C:\Users\user\Desktop\VmRHSCaiyc.exe |
Code function: 4x nop then mov dword ptr [ebp-04h], eax |
4_2_0037E385 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4x nop then mov eax, dword ptr fs:[00000030h] |
5_2_004014AD |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 4x nop then mov dword ptr [ebp-04h], eax |
5_2_004014AD |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx ebx, word ptr [ecx] |
15_2_00328051 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
15_2_0032A0B9 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov dword ptr [esp], 00000000h |
15_2_003182E8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx eax, word ptr [esi+ecx] |
15_2_0033E318 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [eax], cx |
15_2_0031A3BF |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh |
15_2_003443F8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx ebx, byte ptr [edx] |
15_2_00338528 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx ecx, word ptr [edi+eax] |
15_2_003445E8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00342601 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [eax], cx |
15_2_0032665F |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, ebx |
15_2_0031264D |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
15_2_0032A687 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h |
15_2_003407F8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov byte ptr [edi], al |
15_2_00330813 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h |
15_2_0031A86A |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp dword ptr [0044FDB4h] |
15_2_00312849 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
15_2_003468A8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h |
15_2_0031C89C |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
15_2_0033093D |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+ebx] |
15_2_00302928 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp eax |
15_2_0030E914 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp eax |
15_2_0030E9A5 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh |
15_2_00346A38 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] |
15_2_0031AA47 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h |
15_2_00324AD8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
15_2_0030EAC6 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh |
15_2_0033CB36 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov byte ptr [edi], al |
15_2_00330B22 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp+04h] |
15_2_0030CB78 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov byte ptr [edi], al |
15_2_00330B43 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00346BB8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh |
15_2_00346BB8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
15_2_0032AC81 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [eax], cx |
15_2_00324D38 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp+40h] |
15_2_0030ED6B |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00322D48 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx ecx, word ptr [ebp+00h] |
15_2_00308D88 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_0033CE48 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [edx], 0000h |
15_2_0031CEB7 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp ecx |
15_2_00342EAE |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h |
15_2_00344E98 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00344E98 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp eax |
15_2_00326EC4 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh |
15_2_0032CF30 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
15_2_00330F18 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+14h] |
15_2_00330F18 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
15_2_00340F18 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp ecx |
15_2_00342F6C |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
15_2_00310F6F |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [eax], dx |
15_2_0031F138 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [esi], ax |
15_2_0031F138 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov ebp, eax |
15_2_003071D8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
15_2_0032F2B8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
15_2_00343290 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp+0Ch] |
15_2_003293AF |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh |
15_2_00343390 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+04h] |
15_2_0031340E |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] |
15_2_00305468 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-14h] |
15_2_0032B56A |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [eax], dx |
15_2_0031F540 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp+08h] |
15_2_003436C7 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h |
15_2_00343833 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h |
15_2_00325824 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx edx, byte ptr [esi+edi] |
15_2_00301878 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h |
15_2_00341918 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov ebx, dword ptr [edi+04h] |
15_2_0032DA58 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h |
15_2_0032BB20 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov word ptr [edx], ax |
15_2_00327B69 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp eax |
15_2_00327B48 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h |
15_2_00329BA8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00329BA8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h |
15_2_00329BA8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp eax |
15_2_00325C1B |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00345C62 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then cmp byte ptr [ebx], 00000000h |
15_2_00313CBA |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov edi, ecx |
15_2_00311D02 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then movzx edi, byte ptr [ecx+esi] |
15_2_00303D78 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-10h] |
15_2_0030DDC4 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+20h] |
15_2_00313E69 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov ecx, dword ptr [edx] |
15_2_002FDED8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then dec ebx |
15_2_0033BF08 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
15_2_0032FF74 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then jmp ecx |
15_2_00305FB0 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00309FE8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esp] |
15_2_00309FE8 |
Source: C:\ProgramData\HCFIIIJJKJ.exe |
Code function: 4x nop then mov eax, dword ptr [esi+30h] |
15_2_0032FFD5 |