Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe
Analysis ID: 1541000
MD5: 87120a274008ae4e720012b8aebb6d99
SHA1: 07b42de1e4942c5619809b340829f3aaebd06fcc
SHA256: 2abd41097ebc205adc449bf3c6fcdff6d5ec789f45c8b1d3af7587b93bfc1a19
Tags: exeHealer

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_01000CFE CryptVerifySignatureA, 0_2_01000CFE
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, 00000000.00000002.2300536415.0000000000E22000.00000040.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, 00000000.00000003.2164139962.0000000005430000.00000004.00001000.00020000.00000000.sdmp

System Summary

Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name: .idata
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_00FC24E6 0_2_00FC24E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_00E35AC2 0_2_00E35AC2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_00E2DF03 0_2_00E2DF03
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, 00000000.00000002.2302819137.0000000000E26000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, 00000000.00000002.2308039171.000000000173E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Binary or memory string: OriginalFilenamedefOff.exe. vs SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe.log
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe String found in binary or memory: |RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeh
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Section loaded: sspicli.dll
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static file information: File size 2746880 > 1048576
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: Raw size of syiibscs is bigger than: 0x100000 < 0x298a00

Data Obfuscation

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Unpacked PE file: 0.2.SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe.e20000.0.unpack :EW;.rsrc:W;.idata :W;syiibscs:EW;zrfnqins:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: real checksum: 0x2a3429 should be: 0x29ff72
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name:
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name: .idata
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name: syiibscs
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name: zrfnqins
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name: .taggant
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Static PE information: section name: entropy: 7.792371938288574

Boot Survival

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD50DF second address: FD50E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD50E3 second address: FD50E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD50E7 second address: FD5134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebx 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F5335089F48h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov esi, dword ptr [ebp+122D2C39h] 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d jmp 00007F5335089F59h 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD56AC second address: FD56C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F53348525ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD5C8A second address: FD5C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD5C8F second address: FD5C95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD5C95 second address: FD5C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD668E second address: FD6692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD7792 second address: FD7796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD6F3A second address: FD6F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F53348525A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD92E9 second address: FD92ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD92ED second address: FD92F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD92F3 second address: FD9313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F5335089F46h 0x0000000e jmp 00007F5335089F52h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD9313 second address: FD935B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F53348525AEh 0x0000000e ja 00007F53348525A6h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F53348525B1h 0x0000001e je 00007F53348525BEh 0x00000024 ja 00007F53348525A6h 0x0000002a jmp 00007F53348525B2h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDA2F3 second address: FDA2F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDADDA second address: FDADDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDADDE second address: FDADE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDADE3 second address: FDAE03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F53348525B2h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDBB87 second address: FDBB8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDAE03 second address: FDAE07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDBB8D second address: FDBBC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5335089F56h 0x00000008 jmp 00007F5335089F4Ch 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jnl 00007F5335089F67h 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDAE07 second address: FDAE11 instructions: 0x00000000 rdtsc 0x00000002 je 00007F53348525A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FDEF61 second address: FDEF65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE04FD second address: FE051C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F53348525B5h 0x00000007 jng 00007F53348525B9h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE0AB5 second address: FE0AD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov bx, 7040h 0x00000011 push 00000000h 0x00000013 mov bx, 1BB0h 0x00000017 push 00000000h 0x00000019 movsx edi, cx 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE0AD7 second address: FE0ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE3B03 second address: FE3B07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE2C13 second address: FE2C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE3CBC second address: FE3CCA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F5335089F46h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE2C17 second address: FE2C34 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F53348525A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F53348525B1h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE4C97 second address: FE4CA1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5335089F46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE3CCA second address: FE3CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE5B8A second address: FE5B9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5335089F50h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE4CA1 second address: FE4CA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE3D93 second address: FE3DAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE3DAB second address: FE3DD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F53348525B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007F53348525A6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE6B4D second address: FE6BCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F5335089F48h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push ebp 0x0000002b call 00007F5335089F48h 0x00000030 pop ebp 0x00000031 mov dword ptr [esp+04h], ebp 0x00000035 add dword ptr [esp+04h], 00000015h 0x0000003d inc ebp 0x0000003e push ebp 0x0000003f ret 0x00000040 pop ebp 0x00000041 ret 0x00000042 mov dword ptr [ebp+122D2672h], ebx 0x00000048 jmp 00007F5335089F4Bh 0x0000004d push 00000000h 0x0000004f mov dword ptr [ebp+1245E6C3h], ebx 0x00000055 xchg eax, esi 0x00000056 js 00007F5335089F66h 0x0000005c push eax 0x0000005d push edx 0x0000005e jno 00007F5335089F46h 0x00000064 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE8B35 second address: FE8B39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE8B39 second address: FE8B5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5335089F57h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE8B5A second address: FE8B5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEA0CD second address: FEA0DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5335089F4Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FE93F4 second address: FE93FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEB037 second address: FEB03B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEB03B second address: FEB09B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007F53348525A6h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push ecx 0x00000013 push edx 0x00000014 jl 00007F53348525A6h 0x0000001a pop edx 0x0000001b pop ecx 0x0000001c nop 0x0000001d mov edi, 58AD5508h 0x00000022 push 00000000h 0x00000024 add dword ptr [ebp+122D3348h], edi 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F53348525A8h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 mov di, 0E7Eh 0x0000004a xchg eax, esi 0x0000004b jng 00007F53348525B4h 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEB09B second address: FEB09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEB09F second address: FEB0AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEB0AB second address: FEB0B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEB0B0 second address: FEB0B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEC15F second address: FEC163 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FED4E6 second address: FED502 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F53348525B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FED502 second address: FED506 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FED506 second address: FED50C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FED50C second address: FED516 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5335089F4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FEE414 second address: FEE41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F53348525A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FF0130 second address: FF014F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F50h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F5335089F48h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FF014F second address: FF0155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FF0362 second address: FF0391 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F5335089F4Fh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FFA17E second address: FFA184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FFA310 second address: FFA32E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jbe 00007F5335089F46h 0x0000000f je 00007F5335089F46h 0x00000015 popad 0x00000016 jns 00007F5335089F48h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FFA32E second address: FFA33A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F53348525A6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FFA33A second address: FFA364 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5335089F46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F5335089F46h 0x00000012 jmp 00007F5335089F58h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1003FDF second address: 1003FE4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1003FE4 second address: 1004004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F5335089F4Ah 0x0000000d jmp 00007F5335089F4Bh 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: F9B9F8 second address: F9BA25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F53348525ADh 0x00000009 jmp 00007F53348525AEh 0x0000000e popad 0x0000000f jmp 00007F53348525ADh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 100930A second address: 1009341 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F5335089F4Fh 0x0000000f mov eax, dword ptr [eax] 0x00000011 jnp 00007F5335089F52h 0x00000017 jmp 00007F5335089F4Ch 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push esi 0x00000025 pop esi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1009341 second address: 1009347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1009347 second address: 100934C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1009477 second address: 1009481 instructions: 0x00000000 rdtsc 0x00000002 js 00007F53348525ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1009481 second address: 10094A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 jno 00007F5335089F4Ch 0x0000000e pop edi 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10094A0 second address: 10094A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10094A4 second address: 10094A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10094A8 second address: 10094AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10094AE second address: 10094BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10095A3 second address: 10095A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1011891 second address: 10118AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5335089F54h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1011F0A second address: 1011F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F53348525A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1011F14 second address: 1011F24 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5335089F46h 0x00000008 jne 00007F5335089F46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1012464 second address: 1012468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1012468 second address: 1012491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e push esi 0x0000000f jmp 00007F5335089F4Fh 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 je 00007F5335089F46h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10125CF second address: 10125D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10125D3 second address: 10125EF instructions: 0x00000000 rdtsc 0x00000002 je 00007F5335089F46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F5335089F52h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051925 second address: 1051940 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5335089F57h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051AA0 second address: 1051AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051D8E second address: 1051D94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051D94 second address: 1051DB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F53348525ABh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 je 00007F53348525A6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051DB4 second address: 1051DB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051DB8 second address: 1051DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051DC2 second address: 1051DC8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051DC8 second address: 1051DD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051F2A second address: 1051F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051F30 second address: 1051F3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F53348525A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051F3B second address: 1051F66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 js 00007F5335089F46h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jc 00007F5335089F46h 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F5335089F50h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051F66 second address: 1051F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051F6A second address: 1051F73 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1051F73 second address: 1051F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jp 00007F53348525A6h 0x0000000c popad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10520C0 second address: 10520C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10520C9 second address: 10520D4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10526EC second address: 10526F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10526F2 second address: 1052713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F53348525B2h 0x0000000e ja 00007F53348525A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1052713 second address: 105271D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5335089F46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 105271D second address: 1052729 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 je 00007F53348525A6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1052F80 second address: 1052F8A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5335089F46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1050E99 second address: 1050EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F53348525B0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1050EAF second address: 1050EC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1059289 second address: 105928E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 105928E second address: 1059294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1059294 second address: 10592A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F53348525ADh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106E041 second address: 106E047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106E047 second address: 106E05C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F53348525ABh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106E05C second address: 106E062 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106E062 second address: 106E070 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F53348525AAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: F9840C second address: F98438 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F4Dh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007F5335089F55h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106DC51 second address: 106DC55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106DC55 second address: 106DC59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106DD87 second address: 106DDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F53348525A6h 0x0000000a jmp 00007F53348525B6h 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jns 00007F53348525A6h 0x0000001a ja 00007F53348525A6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 106DDB8 second address: 106DDBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1072331 second address: 1072335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1072335 second address: 107233E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 107A7AA second address: 107A7B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 107A7B0 second address: 107A7C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F5335089F4Bh 0x00000008 pop eax 0x00000009 jns 00007F5335089F4Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 107CD15 second address: 107CD1A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 107CD1A second address: 107CD22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1081890 second address: 1081894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1081894 second address: 10818A2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jne 00007F5335089F46h 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10818A2 second address: 10818D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F53348525B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f jmp 00007F53348525ABh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10818D0 second address: 10818D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1081D35 second address: 1081D3B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1081D3B second address: 1081D4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5335089F4Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1081D4A second address: 1081D4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1081EA2 second address: 1081EBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d je 00007F5335089F46h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 108215C second address: 1082166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1082166 second address: 108216A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 108216A second address: 108218A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F53348525A6h 0x00000008 jmp 00007F53348525B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1082B7B second address: 1082B7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1082B7F second address: 1082BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F53348525B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 1087451 second address: 108746E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F59h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 108746E second address: 1087477 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 108E538 second address: 108E552 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5335089F46h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F5335089F4Bh 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10A2942 second address: 10A295B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F53348525B4h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AA7DD second address: 10AA7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AA931 second address: 10AA94F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F53348525B9h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AAC47 second address: 10AAC72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5335089F57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a ja 00007F5335089F46h 0x00000010 jc 00007F5335089F46h 0x00000016 push edx 0x00000017 pop edx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AAE22 second address: 10AAE28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AAE28 second address: 10AAE34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5335089F46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AAF66 second address: 10AAF83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F53348525B9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AE06A second address: 10AE070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AE070 second address: 10AE074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AE074 second address: 10AE080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AE080 second address: 10AE086 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AE086 second address: 10AE08A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AE08A second address: 10AE0B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F53348525AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F53348525B3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AE0B2 second address: 10AE0C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AFF19 second address: 10AFF34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007F53348525B4h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AFF34 second address: 10AFF3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10AFD7C second address: 10AFDA0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F53348525AAh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F53348525B0h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B6384 second address: 10B638A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B7BC0 second address: 10B7BED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F53348525B8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jnc 00007F53348525A6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B7BED second address: 10B7BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F5335089F46h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B997D second address: 10B9987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F53348525A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B9987 second address: 10B99A6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5335089F46h 0x00000008 jmp 00007F5335089F55h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B0E92 second address: 10B0EA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F53348525A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F53348525A6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B0EA4 second address: 10B0EB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B0EB1 second address: 10B0ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F53348525B0h 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F53348525A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B0ED2 second address: 10B0ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: 10B0D1E second address: 10B0D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe RDTSC instruction interceptor: First address: FD71E3 second address: FD71E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Special instruction interceptor: First address: FCC132 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Special instruction interceptor: First address: FF356D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Special instruction interceptor: First address: E2DDED instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Special instruction interceptor: First address: FD2D82 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Special instruction interceptor: First address: 1061869 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Special instruction interceptor: First address: E34B37 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Memory allocated: 5710000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Memory allocated: 5780000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Memory allocated: 7780000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_00FA31A0 rdtsc 0_2_00FA31A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe TID: 64 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_010058E0 GetSystemInfo,VirtualAlloc, 0_2_010058E0
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, 00000000.00000002.2306068755.0000000000FAB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, 00000000.00000002.2306068755.0000000000FAB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe File opened: NTICE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe File opened: SICE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe File opened: SIWVID
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_00FA31A0 rdtsc 0_2_00FA31A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Code function: 0_2_00E2B9D4 LdrInitializeThunk,LdrInitializeThunk, 0_2_00E2B9D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Memory allocated: page read and write | page guard
Source: SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe, 00000000.00000002.2307101817.0000000000FF2000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: lProgram Manager

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos