Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe
Analysis ID:1630088
MD5:8c767708c9a9554c0afb504629e75ffd
SHA1:c65394806c0f77af880c7ff8a021bd4222ca3f11
SHA256:dcb373f73cc5e29881b6c97f753da1db91becee01b5eade03b0fd217d10b4e7d
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

SystemBC
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected SystemBC
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Creates files inside the system directory
Creates job files (autostart)
Detected TCP or UDP traffic on non-standard ports
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • vjnihhj.exe (PID: 4208 cmdline: C:\ProgramData\hlrxnb\vjnihhj.exe MD5: 8C767708C9A9554C0AFB504629E75FFD)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
SystemBCSystemBC is a multiplatform proxy malware active since August 2019. It creates SOCKS5 network tunnels in the victims network and connects to its C2 server using a custom, RC4-encrypted protocol. It can also download and execute additional malware, with payloads either written to disk or mapped into memory. The SystemBC kit, including the C2 panel, server, and malware executables, is sold in underground forums.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.systembc

Malware Configuration

Threatname: SystemBC

{"HOST1": "towerbingobongoboom.com", "HOST2": "62.60.226.86"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000003.2226309886.00000000025A4000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_SystemBCYara detected SystemBCJoe Security
    00000000.00000003.2186826289.0000000004754000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_SystemBCYara detected SystemBCJoe Security
      Process Memory Space: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe PID: 2620JoeSecurity_SystemBCYara detected SystemBCJoe Security
        Process Memory Space: vjnihhj.exe PID: 4208JoeSecurity_SystemBCYara detected SystemBCJoe Security

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Suspicious Outbound SMTP Connections
          Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 160.13.60.151, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\ProgramData\hlrxnb\vjnihhj.exe, Initiated: true, ProcessId: 4208, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49895

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for URL or domain
          Source: towerbingobongoboom.comAvira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000002.00000003.2226309886.00000000025A4000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SystemBC {"HOST1": "towerbingobongoboom.com", "HOST2": "62.60.226.86"}
          Multi AV Scanner detection for dropped file
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeReversingLabs: Detection: 75%
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeVirustotal: Detection: 62%Perma Link
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeReversingLabs: Detection: 75%
          Joe Sandbox ML detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: towerbingobongoboom.com
          Source: Malware configuration extractorURLs: 62.60.226.86
          Source: global trafficTCP traffic: 192.168.2.6:49730 -> 213.209.150.137:4000
          Source: global trafficTCP traffic: 192.168.2.6:49895 -> 160.13.60.151:587
          Source: global trafficTCP traffic: 192.168.2.6:49895 -> 160.13.60.151:587
          Source: global trafficHTTP traffic detected: GET / HTTP/1.0Host: 142.250.188.238Accept: text/htmlUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: close
          Source: unknownTCP traffic detected without corresponding DNS query: 142.250.188.238
          Source: unknownTCP traffic detected without corresponding DNS query: 142.250.188.238
          Source: unknownTCP traffic detected without corresponding DNS query: 142.250.188.238
          Source: unknownTCP traffic detected without corresponding DNS query: 142.250.188.238
          Source: unknownTCP traffic detected without corresponding DNS query: 142.250.188.238
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET / HTTP/1.0Host: 142.250.188.238Accept: text/htmlUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: close
          Source: global trafficDNS traffic detected: DNS query: towerbingobongoboom.com
          Source: global trafficDNS traffic detected: DNS query: smtp.ae.em-net.ne.jp
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://crl.globalsign.com/root.crl0G
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/rootr103
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://ocsp.globalsign.com/rootr30;
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, vjnihhj.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0

          System Summary

          barindex
          PE file contains section with special chars
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name:
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name: .idata
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name:
          Source: vjnihhj.exe.0.drStatic PE information: section name:
          Source: vjnihhj.exe.0.drStatic PE information: section name: .idata
          Source: vjnihhj.exe.0.drStatic PE information: section name:
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeFile created: C:\Windows\Tasks\Test Task17.jobJump to behavior
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: invalid certificate
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: Section: olgrrmkl ZLIB complexity 0.9944783063831429
          Source: vjnihhj.exe.0.drStatic PE information: Section: olgrrmkl ZLIB complexity 0.9944783063831429
          Source: classification engineClassification label: mal100.troj.evad.winEXE@2/3@2/3
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeMutant created: \Sessions\1\BaseNamedObjects\Test Task17
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeVirustotal: Detection: 62%
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeReversingLabs: Detection: 75%
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: vjnihhj.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe"
          Source: unknownProcess created: C:\ProgramData\hlrxnb\vjnihhj.exe C:\ProgramData\hlrxnb\vjnihhj.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: mstask.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSection loaded: mpr.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: winmm.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: mstask.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: wsock32.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic file information: File size 1692768 > 1048576
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: Raw size of olgrrmkl is bigger than: 0x100000 < 0x194e00

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeUnpacked PE file: 0.2.SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;olgrrmkl:EW;mgseqlbm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;olgrrmkl:EW;mgseqlbm:EW;.taggant:EW;
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeUnpacked PE file: 2.2.vjnihhj.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;olgrrmkl:EW;mgseqlbm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;olgrrmkl:EW;mgseqlbm:EW;.taggant:EW;
          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: real checksum: 0x1a09b7 should be: 0x1a4356
          Source: vjnihhj.exe.0.drStatic PE information: real checksum: 0x1a09b7 should be: 0x1a4356
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name:
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name: .idata
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name:
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name: olgrrmkl
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name: mgseqlbm
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name: .taggant
          Source: vjnihhj.exe.0.drStatic PE information: section name:
          Source: vjnihhj.exe.0.drStatic PE information: section name: .idata
          Source: vjnihhj.exe.0.drStatic PE information: section name:
          Source: vjnihhj.exe.0.drStatic PE information: section name: olgrrmkl
          Source: vjnihhj.exe.0.drStatic PE information: section name: mgseqlbm
          Source: vjnihhj.exe.0.drStatic PE information: section name: .taggant
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name: entropy: 7.808263468669339
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeStatic PE information: section name: olgrrmkl entropy: 7.951270741778321
          Source: vjnihhj.exe.0.drStatic PE information: section name: entropy: 7.808263468669339
          Source: vjnihhj.exe.0.drStatic PE information: section name: olgrrmkl entropy: 7.951270741778321
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeFile created: C:\ProgramData\hlrxnb\vjnihhj.exeJump to dropped file
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeFile created: C:\ProgramData\hlrxnb\vjnihhj.exeJump to dropped file

          Boot Survival

          barindex
          Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: FilemonclassJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeFile created: C:\Windows\Tasks\Test Task17.jobJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect sandboxes / dynamic malware analysis system (registry check)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 40BA1A second address: 40BA1F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56A917 second address: 56A92F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68ACh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 578A01 second address: 578A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F21E4512D56h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F21E4512D64h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 578A21 second address: 578A27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57913D second address: 579163 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F21E4512D5Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F21E4512D5Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5792E0 second address: 5792E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C732 second address: 57C737 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C737 second address: 57C785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68B3h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F21E44F68B4h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007F21E44F68B3h 0x0000001b mov eax, dword ptr [eax] 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 pop eax 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C84C second address: 57C852 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C852 second address: 57C856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C856 second address: 57C8A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 685184E3h 0x00000012 jc 00007F21E4512D5Bh 0x00000018 sub si, E3A2h 0x0000001d push 00000003h 0x0000001f push 00000000h 0x00000021 mov dword ptr [ebp+156D1899h], esi 0x00000027 mov esi, dword ptr [ebp+156D38E1h] 0x0000002d push 00000003h 0x0000002f xor edi, dword ptr [ebp+156D3540h] 0x00000035 call 00007F21E4512D59h 0x0000003a push eax 0x0000003b push edx 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C8A3 second address: 57C8A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C8A8 second address: 57C8CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C8CA second address: 57C8F3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F21E44F68B6h 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C8F3 second address: 57C902 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C902 second address: 57C927 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F21E44F68B7h 0x00000014 jmp 00007F21E44F68B1h 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C927 second address: 57C92D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57C92D second address: 57C94A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F21E44F68AEh 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57CA00 second address: 57CA24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F21E4512D56h 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f mov edi, dword ptr [ebp+156D28D8h] 0x00000015 push 59A559FBh 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jns 00007F21E4512D56h 0x00000024 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57CA24 second address: 57CA2E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57CA2E second address: 57CA78 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F21E4512D58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 59A5597Bh 0x00000011 jnp 00007F21E4512D5Ch 0x00000017 push 00000003h 0x00000019 cmc 0x0000001a push 00000000h 0x0000001c jne 00007F21E4512D5Ch 0x00000022 push 00000003h 0x00000024 pushad 0x00000025 mov dword ptr [ebp+156D2EEBh], ebx 0x0000002b stc 0x0000002c popad 0x0000002d call 00007F21E4512D59h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57CA78 second address: 57CA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57CA7C second address: 57CA82 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57CA82 second address: 57CAA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 57CAA2 second address: 57CAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F21E4512D56h 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 58DF16 second address: 58DF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 58DF1A second address: 58DF1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 58DF1E second address: 58DF27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59C150 second address: 59C154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59A4B8 second address: 59A4BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59A4BC second address: 59A4C6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F21E4512D56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59A4C6 second address: 59A4CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59A4CF second address: 59A4D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59A4D5 second address: 59A513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F21E44F68AEh 0x0000000b jnc 00007F21E44F68ACh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F21E44F68A6h 0x0000001c jmp 00007F21E44F68B4h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59A513 second address: 59A539 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F21E4512D68h 0x00000012 popad 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59AB63 second address: 59AB67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59AB67 second address: 59AB7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59AB7F second address: 59AB8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jl 00007F21E44F68AEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59ACF1 second address: 59ACF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59ACF5 second address: 59AD0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F21E44F68A6h 0x0000000d jbe 00007F21E44F68A6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59AFFC second address: 59B010 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B010 second address: 59B014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B199 second address: 59B1C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F21E4512D56h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F21E4512D68h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B305 second address: 59B321 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F21E44F68AEh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B321 second address: 59B325 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B325 second address: 59B336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F21E44F68ACh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B336 second address: 59B33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B33A second address: 59B342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B342 second address: 59B346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59B8D2 second address: 59B8D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 59BD01 second address: 59BD19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F21E4512D56h 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push esi 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A3B35 second address: 5A3B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56731C second address: 567320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 567320 second address: 56733D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007F21E44F68A6h 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F21E44F68ADh 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7AC3 second address: 5A7AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7AC7 second address: 5A7ACB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7ACB second address: 5A7ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F21E4512D5Eh 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7ADF second address: 5A7AFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E44F68B8h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7AFB second address: 5A7B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7C62 second address: 5A7C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7DE1 second address: 5A7DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7DE7 second address: 5A7DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7DEC second address: 5A7DF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A7DF2 second address: 5A7E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68ABh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A8224 second address: 5A8228 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A8228 second address: 5A822E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A822E second address: 5A8246 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F21E4512D5Eh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA674 second address: 5AA678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA678 second address: 5AA686 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F21E4512D56h 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA686 second address: 5AA6DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e jno 00007F21E44F68B2h 0x00000014 pop eax 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007F21E44F68A8h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f push A5A0C805h 0x00000034 push eax 0x00000035 push edx 0x00000036 push ebx 0x00000037 pushad 0x00000038 popad 0x00000039 pop ebx 0x0000003a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA6DC second address: 5AA6E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA6E2 second address: 5AA6E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AB517 second address: 5AB51B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AB793 second address: 5AB798 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AB83E second address: 5AB842 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ABDA6 second address: 5ABDAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ABDAB second address: 5ABDC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D64h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ABDC3 second address: 5ABDE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F21E44F68A8h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ABDE6 second address: 5ABDF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F21E4512D56h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56DE34 second address: 56DE5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a ja 00007F21E44F68A6h 0x00000010 je 00007F21E44F68A6h 0x00000016 pop edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56DE5C second address: 56DE90 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F21E4512D58h 0x00000008 jmp 00007F21E4512D65h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007F21E4512D5Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56DE90 second address: 56DE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56DE96 second address: 56DE9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56DE9C second address: 56DEA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56DEA1 second address: 56DEC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F21E4512D56h 0x0000000a jmp 00007F21E4512D66h 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ADDC9 second address: 5ADDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jbe 00007F21E44F68ACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ADE67 second address: 5ADE6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ADE6B second address: 5ADE75 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5ADE75 second address: 5ADE8C instructions: 0x00000000 rdtsc 0x00000002 je 00007F21E4512D5Ch 0x00000008 ja 00007F21E4512D56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push esi 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AF9A9 second address: 5AF9AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AF9AD second address: 5AFA37 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d jmp 00007F21E4512D5Eh 0x00000012 pop eax 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F21E4512D58h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e push ebx 0x0000002f clc 0x00000030 pop esi 0x00000031 jnp 00007F21E4512D56h 0x00000037 push 00000000h 0x00000039 jnl 00007F21E4512D5Ch 0x0000003f xor dword ptr [ebp+156D2C6Eh], ebx 0x00000045 push 00000000h 0x00000047 movzx esi, si 0x0000004a xchg eax, ebx 0x0000004b jno 00007F21E4512D5Ah 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 push edi 0x00000056 pop edi 0x00000057 jmp 00007F21E4512D66h 0x0000005c popad 0x0000005d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B0462 second address: 5B046C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B046C second address: 5B0489 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D69h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B01BA second address: 5B01BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B0489 second address: 5B04DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e pushad 0x0000000f mov cx, si 0x00000012 jmp 00007F21E4512D67h 0x00000017 popad 0x00000018 push 00000000h 0x0000001a clc 0x0000001b push 00000000h 0x0000001d mov edi, 4023064Bh 0x00000022 push eax 0x00000023 push esi 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F21E4512D5Ch 0x0000002b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B170D second address: 5B1713 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B21D1 second address: 5B21D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B1713 second address: 5B171D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F21E44F68A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B3E17 second address: 5B3E32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D67h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B3E32 second address: 5B3E42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B3E42 second address: 5B3E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B3E47 second address: 5B3E4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B4DA4 second address: 5B4DA9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B4DA9 second address: 5B4E2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F21E44F68A8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov ebx, 60B84B00h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007F21E44F68A8h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 0000001Dh 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 jbe 00007F21E44F68ACh 0x0000004b mov edi, dword ptr [ebp+156D2D18h] 0x00000051 push 00000000h 0x00000053 mov ebx, dword ptr [ebp+156D3849h] 0x00000059 xchg eax, esi 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007F21E44F68B6h 0x00000061 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B4E2A second address: 5B4E30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B3FD2 second address: 5B3FD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B3FD7 second address: 5B3FDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B3FDD second address: 5B3FE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B6FEA second address: 5B6FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B6FF0 second address: 5B702F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F21E44F68B3h 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007F21E44F68AAh 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F21E44F68B6h 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B702F second address: 5B7033 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B8F3E second address: 5B8F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B72DB second address: 5B7301 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F21E4512D5Ch 0x00000013 jnl 00007F21E4512D56h 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5B7301 second address: 5B731D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F21E44F68B7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BD3E3 second address: 5BD3ED instructions: 0x00000000 rdtsc 0x00000002 jp 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BF3D8 second address: 5BF3DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BF3DC second address: 5BF42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F21E4512D61h 0x0000000b popad 0x0000000c nop 0x0000000d mov ebx, dword ptr [ebp+156D3745h] 0x00000013 push 00000000h 0x00000015 movsx ebx, bx 0x00000018 push 00000000h 0x0000001a mov edi, dword ptr [ebp+156D38EDh] 0x00000020 mov dword ptr [ebp+156D28AEh], esi 0x00000026 xchg eax, esi 0x00000027 pushad 0x00000028 pushad 0x00000029 jmp 00007F21E4512D68h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C15AF second address: 5C15B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C15B3 second address: 5C15B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C15B9 second address: 5C15E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F21E44F68B3h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BC62C second address: 5BC631 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C2657 second address: 5C265B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BD611 second address: 5BD617 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C265B second address: 5C265F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BE6F0 second address: 5BE70C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D68h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BC631 second address: 5BC656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68AFh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F21E44F68ACh 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C3633 second address: 5C36A8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F21E4512D58h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f pushad 0x00000010 mov eax, 7C82FF52h 0x00000015 mov dx, ax 0x00000018 popad 0x00000019 mov dword ptr [ebp+156D1A99h], eax 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007F21E4512D58h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 00000016h 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b jmp 00007F21E4512D5Ch 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push ecx 0x00000045 call 00007F21E4512D58h 0x0000004a pop ecx 0x0000004b mov dword ptr [esp+04h], ecx 0x0000004f add dword ptr [esp+04h], 00000015h 0x00000057 inc ecx 0x00000058 push ecx 0x00000059 ret 0x0000005a pop ecx 0x0000005b ret 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 jne 00007F21E4512D56h 0x00000066 pop eax 0x00000067 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BF592 second address: 5BF632 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F21E44F68A8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F21E44F68A8h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 push dword ptr fs:[00000000h] 0x00000030 push 00000000h 0x00000032 push eax 0x00000033 call 00007F21E44F68A8h 0x00000038 pop eax 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d add dword ptr [esp+04h], 00000016h 0x00000045 inc eax 0x00000046 push eax 0x00000047 ret 0x00000048 pop eax 0x00000049 ret 0x0000004a pushad 0x0000004b mov dword ptr [ebp+156D21F7h], ecx 0x00000051 mov ebx, dword ptr [ebp+156D5903h] 0x00000057 popad 0x00000058 mov dword ptr fs:[00000000h], esp 0x0000005f mov ebx, dword ptr [ebp+156D36D5h] 0x00000065 mov eax, dword ptr [ebp+156D0EE5h] 0x0000006b mov edi, dword ptr [ebp+1585005Dh] 0x00000071 push FFFFFFFFh 0x00000073 push edi 0x00000074 jnc 00007F21E44F68BEh 0x0000007a pop ebx 0x0000007b nop 0x0000007c pushad 0x0000007d push ebx 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BF632 second address: 5BF63A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5BF63A second address: 5BF640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C06C7 second address: 5C06D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F21E4512D56h 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C06D7 second address: 5C06DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C28EE second address: 5C28F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C28F2 second address: 5C28F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C28F8 second address: 5C28FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C90BC second address: 5C90C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5C90C4 second address: 5C90EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F21E4512D58h 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F21E4512D6Bh 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jmp 00007F21E4512D63h 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5CE065 second address: 5CE06B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5CE06B second address: 5CE06F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5CDA91 second address: 5CDA95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5CDA95 second address: 5CDA9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5CDA9B second address: 5CDAC2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F21E44F68ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F21E44F68B5h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D1492 second address: 5D149C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D149C second address: 5D14A6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F21E44F68ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D1645 second address: 40BA1A instructions: 0x00000000 rdtsc 0x00000002 js 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b xor dword ptr [esp], 6F134260h 0x00000012 jmp 00007F21E4512D5Ch 0x00000017 pushad 0x00000018 push ebx 0x00000019 pop ecx 0x0000001a clc 0x0000001b popad 0x0000001c push dword ptr [ebp+156D08A1h] 0x00000022 stc 0x00000023 call dword ptr [ebp+156D2C65h] 0x00000029 pushad 0x0000002a jmp 00007F21E4512D67h 0x0000002f xor eax, eax 0x00000031 mov dword ptr [ebp+156D2EE6h], edi 0x00000037 mov edx, dword ptr [esp+28h] 0x0000003b cmc 0x0000003c mov dword ptr [ebp+156D3799h], eax 0x00000042 jmp 00007F21E4512D5Fh 0x00000047 mov esi, 0000003Ch 0x0000004c jne 00007F21E4512D5Ch 0x00000052 mov dword ptr [ebp+156D2960h], edx 0x00000058 add esi, dword ptr [esp+24h] 0x0000005c jmp 00007F21E4512D5Bh 0x00000061 lodsw 0x00000063 jo 00007F21E4512D5Ch 0x00000069 mov dword ptr [ebp+156D33D0h], eax 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 jmp 00007F21E4512D5Eh 0x00000078 jnp 00007F21E4512D57h 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 jo 00007F21E4512D5Ch 0x00000088 sub dword ptr [ebp+156D21F7h], ebx 0x0000008e nop 0x0000008f push eax 0x00000090 push edx 0x00000091 jmp 00007F21E4512D5Ch 0x00000096 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D9936 second address: 5D993C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D993C second address: 5D9944 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D9944 second address: 5D996F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F21E44F68AEh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F21E44F68AFh 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D8E89 second address: 5D8E8F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D8E8F second address: 5D8E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D9028 second address: 5D9039 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F21E4512D5Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D9039 second address: 5D9043 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F21E44F68A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D9043 second address: 5D9047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D919B second address: 5D91A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D91A1 second address: 5D91CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 jmp 00007F21E4512D5Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F21E4512D69h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D9314 second address: 5D933F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007F21E44F68A6h 0x00000012 pop esi 0x00000013 pushad 0x00000014 jg 00007F21E44F68A6h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D933F second address: 5D9345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D9487 second address: 5D94A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F21E44F68B9h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D94A8 second address: 5D94C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F21E4512D58h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007F21E4512D5Ah 0x00000014 push edx 0x00000015 push edx 0x00000016 pop edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D94C7 second address: 5D94CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D94CC second address: 5D94D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D94D2 second address: 5D94DC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F21E44F68A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D94DC second address: 5D94E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5D964C second address: 5D9653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DDA41 second address: 5DDA45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DDCDE second address: 5DDCF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68B2h 0x00000009 pop ebx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DDCF5 second address: 5DDCFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DD728 second address: 5DD72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DD72E second address: 5DD748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007F21E4512D56h 0x0000000c jmp 00007F21E4512D5Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DD748 second address: 5DD74D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DD74D second address: 5DD769 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F21E4512D5Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c jng 00007F21E4512D56h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DD769 second address: 5DD76F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DE59C second address: 5DE5A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DE5A0 second address: 5DE5CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F21E44F68AAh 0x0000000c pushad 0x0000000d jmp 00007F21E44F68B7h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DE5CC second address: 5DE5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ebx 0x00000007 js 00007F21E4512D5Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5DE5DB second address: 5DE5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F21E44F68B7h 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E5FDB second address: 5E5FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E5FDF second address: 5E5FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 56C365 second address: 56C369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E4B05 second address: 5E4B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E4B09 second address: 5E4B1B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F21E4512D5Ch 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E5080 second address: 5E5084 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E51B9 second address: 5E51BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E550D second address: 5E5521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E44F68B0h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E57E1 second address: 5E57F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 592685 second address: 59268A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 568DC2 second address: 568DC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 568DC6 second address: 568DDE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F21E44F68B2h 0x00000010 jp 00007F21E44F68A6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E4677 second address: 5E46A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F21E4512D69h 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E46A0 second address: 5E46AA instructions: 0x00000000 rdtsc 0x00000002 jp 00007F21E44F68A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E46AA second address: 5E46BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F21E4512D56h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E8FD5 second address: 5E8FD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E8FD9 second address: 5E8FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F21E4512D5Dh 0x0000000d jmp 00007F21E4512D61h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5E8FFF second address: 5E9005 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F021C second address: 5F022C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F21E4512D56h 0x00000008 ja 00007F21E4512D56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F022C second address: 5F0231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F0231 second address: 5F0237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A8F30 second address: 5A8F36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A8F36 second address: 5A8F49 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c jns 00007F21E4512D56h 0x00000012 pop esi 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A937A second address: 5A937E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A937E second address: 5A9390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F21E4512D58h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A9390 second address: 5A9396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A950E second address: 5A9512 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A9512 second address: 5A9532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 199DE6CEh 0x0000000e mov dx, 9A0Eh 0x00000012 push 5D86CE82h 0x00000017 jng 00007F21E44F68B0h 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A969A second address: 5A969E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A969E second address: 5A96AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A9A09 second address: 5A9A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A9A0D second address: 5A9A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A9E2A second address: 5A9E54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F21E4512D61h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F21E4512D5Eh 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA18F second address: 5AA199 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA199 second address: 5AA1B3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F21E4512D58h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 jo 00007F21E4512D56h 0x00000019 pop esi 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA1B3 second address: 5AA1E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F21E44F68B9h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5AA2F2 second address: 592685 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F21E4512D58h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b xor dword ptr [ebp+156D347Dh], eax 0x00000011 lea eax, dword ptr [ebp+15870C87h] 0x00000017 adc edi, 4F2E15ACh 0x0000001d push eax 0x0000001e jg 00007F21E4512D5Eh 0x00000024 mov dword ptr [esp], eax 0x00000027 push 00000000h 0x00000029 push ecx 0x0000002a call 00007F21E4512D58h 0x0000002f pop ecx 0x00000030 mov dword ptr [esp+04h], ecx 0x00000034 add dword ptr [esp+04h], 00000016h 0x0000003c inc ecx 0x0000003d push ecx 0x0000003e ret 0x0000003f pop ecx 0x00000040 ret 0x00000041 movsx ecx, cx 0x00000044 call dword ptr [ebp+156D2B6Bh] 0x0000004a push eax 0x0000004b push edx 0x0000004c js 00007F21E4512D58h 0x00000052 push edx 0x00000053 pop edx 0x00000054 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EF3F9 second address: 5EF41B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B1h 0x00000007 jmp 00007F21E44F68ADh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EF41B second address: 5EF421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EF421 second address: 5EF425 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EF5AC second address: 5EF5B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EF6DE second address: 5EF6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EF6E4 second address: 5EF6E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EF844 second address: 5EF848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EFAE6 second address: 5EFAEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EFAEA second address: 5EFB0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F21E44F68A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jmp 00007F21E44F68B5h 0x00000012 pop edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5EFB0D second address: 5EFB12 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F1873 second address: 5F1894 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F21E44F68AEh 0x00000008 jnc 00007F21E44F68A6h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F21E44F68ADh 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F37E6 second address: 5F37EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F37EA second address: 5F37F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F395E second address: 5F3964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F3964 second address: 5F3973 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F61D5 second address: 5F6207 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F21E4512D58h 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007F21E4512D66h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F21E4512D5Eh 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F6399 second address: 5F63BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F21E44F68B3h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jo 00007F21E44F68BAh 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F63BE second address: 5F63C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F21E4512D56h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F667A second address: 5F66CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68B2h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jo 00007F21E44F68A6h 0x00000013 jmp 00007F21E44F68B9h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F21E44F68B0h 0x00000022 push eax 0x00000023 push edx 0x00000024 push edx 0x00000025 pop edx 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F66CC second address: 5F66D6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F66D6 second address: 5F66DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F66DC second address: 5F66E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F66E0 second address: 5F66E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FA775 second address: 5FA77D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F9F7C second address: 5F9F80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F9F80 second address: 5F9F8C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 js 00007F21E4512D56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5F9F8C second address: 5F9FA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F21E44F68B6h 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FFD32 second address: 5FFD4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FE6F3 second address: 5FE6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FEAAE second address: 5FEACF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jne 00007F21E4512D56h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 jl 00007F21E4512D5Eh 0x00000019 pushad 0x0000001a popad 0x0000001b jno 00007F21E4512D56h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FEC65 second address: 5FECA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B9h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F21E44F68B3h 0x00000011 jp 00007F21E44F68A6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5A9D3C second address: 5A9D42 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FF0D0 second address: 5FF0D8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FFA0F second address: 5FFA14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 5FFA14 second address: 5FFA29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B0h 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 602FA7 second address: 602FB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E4512D5Ah 0x00000009 pop esi 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 602FB6 second address: 602FD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 jmp 00007F21E44F68ABh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F21E44F68A6h 0x00000019 push edi 0x0000001a pop edi 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 602FD7 second address: 602FDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 602FDD second address: 602FE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6032DC second address: 6032E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6032E2 second address: 6032F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F21E44F68ADh 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6032F5 second address: 6032FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6032FB second address: 60331D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F21E44F68B5h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60A8F7 second address: 60A930 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F21E4512D61h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F21E4512D5Ch 0x00000013 jmp 00007F21E4512D63h 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60A930 second address: 60A940 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F21E44F68A6h 0x0000000a je 00007F21E44F68A6h 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60A940 second address: 60A949 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60AC22 second address: 60AC33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F21E44F68ACh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60AC33 second address: 60AC37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60AC37 second address: 60AC3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60AC3C second address: 60AC48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F21E4512D56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60AC48 second address: 60AC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60B1E4 second address: 60B1FC instructions: 0x00000000 rdtsc 0x00000002 je 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F21E4512D5Eh 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60B1FC second address: 60B202 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60B6F4 second address: 60B6F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60B6F8 second address: 60B704 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007F21E44F68A6h 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60B704 second address: 60B716 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F21E4512D79h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60B716 second address: 60B720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F21E44F68A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60B720 second address: 60B72F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60BCE3 second address: 60BD0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F21E44F68AEh 0x00000010 jmp 00007F21E44F68B3h 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 60BFF8 second address: 60C006 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 613A0B second address: 613A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 613A12 second address: 613A26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 js 00007F21E4512D56h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F21E4512D56h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 613EAF second address: 613EB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 613EB3 second address: 613EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jnl 00007F21E4512D56h 0x0000000d jbe 00007F21E4512D56h 0x00000013 pop edi 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6145C1 second address: 6145E7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F21E44F68BEh 0x00000008 jmp 00007F21E44F68B8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61C9A2 second address: 61C9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61CC1B second address: 61CC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61CC2C second address: 61CC32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61CF26 second address: 61CF41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D1DA second address: 61D1F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F21E4512D56h 0x0000000a pop edx 0x0000000b jbe 00007F21E4512D64h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D1F9 second address: 61D206 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D206 second address: 61D20A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D35A second address: 61D385 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F21E44F68BDh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F21E44F68A6h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D385 second address: 61D389 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D389 second address: 61D3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68B2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D3A1 second address: 61D3A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61D3A9 second address: 61D3AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61E1EA second address: 61E1EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 61E1EE second address: 61E1F4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6220B5 second address: 6220BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 625989 second address: 62598D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 62598D second address: 625995 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 625995 second address: 62599B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 62599B second address: 6259A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6259A1 second address: 6259BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6259BB second address: 6259C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6259C1 second address: 6259C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6259C5 second address: 6259C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 62F83F second address: 62F845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 62F845 second address: 62F849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 635B53 second address: 635B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 635B5E second address: 635B6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F21E4512D56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 635B6A second address: 635B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F21E44F68BCh 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 635B8E second address: 635BA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F21E4512D5Bh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 638051 second address: 63805E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F21E44F68A6h 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 63805E second address: 63806B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 63806B second address: 638074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 638074 second address: 638078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 637D5F second address: 637D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 637D63 second address: 637D84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F21E4512D56h 0x00000009 jbe 00007F21E4512D56h 0x0000000f jmp 00007F21E4512D5Dh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 637D84 second address: 637D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 637D88 second address: 637D8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 637D8C second address: 637D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 63D253 second address: 63D257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 63D257 second address: 63D25D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 63D25D second address: 63D26D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F21E4512D56h 0x0000000a jbe 00007F21E4512D56h 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 63D26D second address: 63D271 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 647BA4 second address: 647BA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 64A540 second address: 64A55C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jc 00007F21E44F68B7h 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 64A55C second address: 64A575 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D63h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 64A575 second address: 64A579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 65095D second address: 6509AA instructions: 0x00000000 rdtsc 0x00000002 jng 00007F21E4512D56h 0x00000008 jmp 00007F21E4512D5Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 jmp 00007F21E4512D5Fh 0x00000015 pop edi 0x00000016 jmp 00007F21E4512D60h 0x0000001b push eax 0x0000001c push edx 0x0000001d jnp 00007F21E4512D56h 0x00000023 jmp 00007F21E4512D5Bh 0x00000028 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 64F31A second address: 64F324 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F21E44F68A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 64F324 second address: 64F328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 64F766 second address: 64F76B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 64FCBB second address: 64FCD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D69h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6546F0 second address: 65471B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F21E44F68BFh 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F21E44F68A6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 65471B second address: 65471F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 664553 second address: 664559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 664559 second address: 664568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jl 00007F21E4512D5Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 664407 second address: 66440D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 66440D second address: 664411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 664411 second address: 664417 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 65FE07 second address: 65FE0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 65FE0B second address: 65FE11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 671A38 second address: 671A56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F21E4512D60h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F21E4512D56h 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67176D second address: 67178E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F21E44F68B4h 0x0000000f push esi 0x00000010 ja 00007F21E44F68A6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 677393 second address: 6773BC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F21E4512D5Fh 0x00000008 pop edx 0x00000009 jnp 00007F21E4512D5Ah 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jno 00007F21E4512D58h 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 677680 second address: 6776BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F21E44F68B9h 0x0000000a jmp 00007F21E44F68ABh 0x0000000f popad 0x00000010 pushad 0x00000011 push edi 0x00000012 jns 00007F21E44F68A6h 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b jng 00007F21E44F68A6h 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 677C76 second address: 677C81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F21E4512D56h 0x0000000a popad 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 677E0D second address: 677E11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 677E11 second address: 677E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007F21E4512D56h 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 677E21 second address: 677E40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F21E44F68D3h 0x0000000e jmp 00007F21E44F68AEh 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 677FF2 second address: 677FF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67816B second address: 67817A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68AAh 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 6782DF second address: 678305 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F21E4512D56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F21E4512D60h 0x00000010 ja 00007F21E4512D56h 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 678305 second address: 67830F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F21E44F68A6h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B327 second address: 67B33C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B42C second address: 67B455 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F21E44F68ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F21E44F68B6h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B455 second address: 67B48D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jng 00007F21E4512D67h 0x00000013 jng 00007F21E4512D61h 0x00000019 jmp 00007F21E4512D5Bh 0x0000001e mov eax, dword ptr [eax] 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jnc 00007F21E4512D56h 0x0000002a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B48D second address: 67B497 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F21E44F68A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B497 second address: 67B4B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B4B5 second address: 67B4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B6DA second address: 67B6DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67B6DE second address: 67B6E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E8C8 second address: 67E8CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E8CC second address: 67E8DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007F21E44F68A6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E8DC second address: 67E8E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F21E4512D56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E8E7 second address: 67E903 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F21E44F68AFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F21E44F68A6h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E903 second address: 67E907 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E907 second address: 67E929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F21E44F68A8h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F21E44F68B0h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E4B8 second address: 67E4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 67E4C0 second address: 67E4C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 402CE0 second address: 402CE0 instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 mov ebp, esp 0x00000005 push ebx 0x00000006 push edi 0x00000007 push esi 0x00000008 imul eax, eax, 001E7319h 0x0000000e add eax, 3CFB5543h 0x00000013 rcr eax, 10h 0x00000016 add eax, esi 0x00000018 imul eax, edi 0x0000001b xor edx, edx 0x0000001d mul dword ptr [ebp+08h] 0x00000020 mov eax, edx 0x00000022 pop esi 0x00000023 pop edi 0x00000024 pop ebx 0x00000025 leave 0x00000026 retn 0004h 0x00000029 lea eax, dword ptr [eax+00000300h] 0x0000002f push eax 0x00000030 push 00405BFCh 0x00000035 call 00007F21E4514725h 0x0000003a push ebp 0x0000003b mov ebp, esp 0x0000003d push ebx 0x0000003e push edi 0x0000003f push esi 0x00000040 mov edi, dword ptr [ebp+08h] 0x00000043 push 000000FFh 0x00000048 call 00007F21E451302Eh 0x0000004d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920671 second address: 4920677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920677 second address: 492067B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492067B second address: 492067F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900636 second address: 4900653 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900653 second address: 490066F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920813 second address: 4920817 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490066F second address: 4900673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920817 second address: 4920865 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 jmp 00007F21E4512D60h 0x0000000d mov dword ptr [esp], ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov dl, 9Dh 0x00000015 pushfd 0x00000016 jmp 00007F21E4512D66h 0x0000001b jmp 00007F21E4512D65h 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920865 second address: 492086B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492086B second address: 492086F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900673 second address: 4900679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900679 second address: 49006A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushfd 0x0000000f jmp 00007F21E4512D5Bh 0x00000014 jmp 00007F21E4512D63h 0x00000019 popfd 0x0000001a popad 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49006A8 second address: 49006D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F21E44F68ADh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49006D5 second address: 49006DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49007D0 second address: 490086A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 5ACED68Ah 0x0000000e jmp 00007F21E44F68B1h 0x00000013 xchg eax, edi 0x00000014 jmp 00007F21E44F68AEh 0x00000019 push eax 0x0000001a jmp 00007F21E44F68ABh 0x0000001f xchg eax, edi 0x00000020 jmp 00007F21E44F68B6h 0x00000025 xchg eax, edi 0x00000026 pushad 0x00000027 pushad 0x00000028 mov bx, cx 0x0000002b call 00007F21E44F68B8h 0x00000030 pop ecx 0x00000031 popad 0x00000032 push eax 0x00000033 push edx 0x00000034 pushfd 0x00000035 jmp 00007F21E44F68B1h 0x0000003a xor ch, FFFFFFD6h 0x0000003d jmp 00007F21E44F68B1h 0x00000042 popfd 0x00000043 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490086A second address: 490088C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F21E4512D68h 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490088C second address: 49008C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F21E44F68ACh 0x00000009 jmp 00007F21E44F68B5h 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xchg eax, edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F21E44F68ADh 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49008C5 second address: 49008CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49008CB second address: 49008CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49008CF second address: 49008E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000003h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d call 00007F21E4512D5Bh 0x00000012 pop eax 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490098A second address: 49009FF instructions: 0x00000000 rdtsc 0x00000002 mov eax, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, edx 0x00000008 popad 0x00000009 retn 0008h 0x0000000c mov dword ptr [ebp-34h], eax 0x0000000f push 00007F01h 0x00000014 push 00000000h 0x00000016 call 00007F21E44F8452h 0x0000001b jmp 00007F21E89F4112h 0x00000020 mov edi, edi 0x00000022 pushad 0x00000023 pushad 0x00000024 movsx ebx, ax 0x00000027 mov eax, 09FE516Bh 0x0000002c popad 0x0000002d pushfd 0x0000002e jmp 00007F21E44F68B0h 0x00000033 or si, 9FF8h 0x00000038 jmp 00007F21E44F68ABh 0x0000003d popfd 0x0000003e popad 0x0000003f xchg eax, ebp 0x00000040 pushad 0x00000041 movzx ecx, dx 0x00000044 pushfd 0x00000045 jmp 00007F21E44F68B1h 0x0000004a adc ax, 3496h 0x0000004f jmp 00007F21E44F68B1h 0x00000054 popfd 0x00000055 popad 0x00000056 push eax 0x00000057 pushad 0x00000058 mov dx, B9D2h 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49009FF second address: 4900A40 instructions: 0x00000000 rdtsc 0x00000002 mov ah, bl 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F21E4512D5Eh 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 mov ax, AD3Dh 0x00000014 pushfd 0x00000015 jmp 00007F21E4512D5Ah 0x0000001a and ax, 3F18h 0x0000001f jmp 00007F21E4512D5Bh 0x00000024 popfd 0x00000025 popad 0x00000026 xchg eax, ecx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900A40 second address: 4900A44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900A44 second address: 4900A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900A4A second address: 4900AD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F21E44F68B8h 0x00000009 xor eax, 427BE0A8h 0x0000000f jmp 00007F21E44F68ABh 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b jmp 00007F21E44F68AFh 0x00000020 xchg eax, ecx 0x00000021 pushad 0x00000022 mov edi, ecx 0x00000024 call 00007F21E44F68B0h 0x00000029 pop ebx 0x0000002a popad 0x0000002b xchg eax, edi 0x0000002c jmp 00007F21E44F68ACh 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007F21E44F68ACh 0x0000003b or cl, FFFFFF98h 0x0000003e jmp 00007F21E44F68ABh 0x00000043 popfd 0x00000044 pushad 0x00000045 popad 0x00000046 popad 0x00000047 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900AD3 second address: 4900B1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007F21E4512D66h 0x0000000f sub edi, edi 0x00000011 jmp 00007F21E4512D61h 0x00000016 test dword ptr [ebp+0Ch], FFFF0000h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900B1D second address: 4900B21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900B21 second address: 4900B25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900B25 second address: 4900B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900B2B second address: 4900B31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900B31 second address: 4900B83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F225655C98Dh 0x0000000e pushad 0x0000000f pushad 0x00000010 mov bx, 80F6h 0x00000014 mov edi, 4AFCB682h 0x00000019 popad 0x0000001a popad 0x0000001b mov edx, dword ptr [ebp+0Ch] 0x0000001e pushad 0x0000001f jmp 00007F21E44F68AFh 0x00000024 mov ax, 66DFh 0x00000028 popad 0x00000029 mov ecx, dword ptr [ebp+08h] 0x0000002c pushad 0x0000002d call 00007F21E44F68B0h 0x00000032 mov si, DBE1h 0x00000036 pop ecx 0x00000037 push eax 0x00000038 push edx 0x00000039 mov bx, A160h 0x0000003d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900B83 second address: 4900BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push C048A17Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F21E4512D5Ah 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900BB2 second address: 4900BB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900BB8 second address: 4900BBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900BBC second address: 4900BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 3FB7DEC1h 0x0000000f pushad 0x00000010 mov dl, 7Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900BD0 second address: 4900BDE instructions: 0x00000000 rdtsc 0x00000002 mov esi, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900BDE second address: 4900BEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900BEF second address: 4900C5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c pushad 0x0000000d mov cl, B4h 0x0000000f pushfd 0x00000010 jmp 00007F21E4512D69h 0x00000015 xor ecx, 02637936h 0x0000001b jmp 00007F21E4512D61h 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, edi 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F21E4512D68h 0x0000002c rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900C5A second address: 4900C69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900CB7 second address: 4900CBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900CBB second address: 4900CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49000BD second address: 49000C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49000C1 second address: 49000C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49000C7 second address: 4900110 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c jmp 00007F21E4512D66h 0x00000011 sub edx, edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F21E4512D5Ah 0x0000001b mov eax, 5A6D9611h 0x00000020 popad 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900110 second address: 4900132 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900132 second address: 4900138 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900138 second address: 49001B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F21E44F68AFh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F21E44F68AFh 0x00000013 and ch, 0000000Eh 0x00000016 jmp 00007F21E44F68B9h 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007F21E44F68B0h 0x00000022 xor esi, 11BCE488h 0x00000028 jmp 00007F21E44F68ABh 0x0000002d popfd 0x0000002e popad 0x0000002f xchg eax, esi 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F21E44F68B5h 0x00000037 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49001B8 second address: 49001BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49001BE second address: 49001C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49001C2 second address: 49001E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49001E2 second address: 49001E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49001E6 second address: 49001EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49001EC second address: 490020B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F21E44F68AEh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490020B second address: 49002A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F21E4512D64h 0x00000011 sub cx, 8E08h 0x00000016 jmp 00007F21E4512D5Bh 0x0000001b popfd 0x0000001c mov eax, 1CE24C7Fh 0x00000021 popad 0x00000022 push 00000009h 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F21E4512D60h 0x0000002b adc ax, B068h 0x00000030 jmp 00007F21E4512D5Bh 0x00000035 popfd 0x00000036 movzx esi, bx 0x00000039 popad 0x0000003a pop ecx 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e pushfd 0x0000003f jmp 00007F21E4512D68h 0x00000044 sbb si, 2DF8h 0x00000049 jmp 00007F21E4512D5Bh 0x0000004e popfd 0x0000004f popad 0x00000050 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49002A0 second address: 49002B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E44F68B4h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49002B8 second address: 49002E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea esi, dword ptr [eax+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F21E4512D65h 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49002E3 second address: 4900314 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov bh, 84h 0x00000010 jmp 00007F21E44F68B4h 0x00000015 popad 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900314 second address: 4900358 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 pushfd 0x00000007 jmp 00007F21E4512D5Dh 0x0000000c or eax, 1F6F86B6h 0x00000012 jmp 00007F21E4512D61h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push 00000001h 0x0000001d pushad 0x0000001e push eax 0x0000001f mov eax, edi 0x00000021 pop ebx 0x00000022 mov bx, cx 0x00000025 popad 0x00000026 lea edi, dword ptr [esp+14h] 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900358 second address: 490035E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490035E second address: 49003C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 2287h 0x00000007 pushfd 0x00000008 jmp 00007F21E4512D5Ch 0x0000000d sub ecx, 06609C38h 0x00000013 jmp 00007F21E4512D5Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c rep movsd 0x0000001e rep movsd 0x00000020 rep movsd 0x00000022 rep movsd 0x00000024 rep movsd 0x00000026 rep movsd 0x00000028 rep movsd 0x0000002a rep movsd 0x0000002c rep movsd 0x0000002e jmp 00007F21E4512D66h 0x00000033 and dword ptr [esp+38h], 00000000h 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov bx, A0B0h 0x0000003f call 00007F21E4512D69h 0x00000044 pop esi 0x00000045 popad 0x00000046 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49003C6 second address: 490049E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea ecx, dword ptr [esp+0Ch] 0x0000000d jmp 00007F21E44F68B0h 0x00000012 push E2A14845h 0x00000017 pushad 0x00000018 jmp 00007F21E44F68B7h 0x0000001d jmp 00007F21E44F68B8h 0x00000022 popad 0x00000023 add dword ptr [esp], 1D5EB83Bh 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F21E44F68AEh 0x00000031 sbb esi, 17056018h 0x00000037 jmp 00007F21E44F68ABh 0x0000003c popfd 0x0000003d popad 0x0000003e push 00000000h 0x00000040 pushad 0x00000041 pushfd 0x00000042 jmp 00007F21E44F68ABh 0x00000047 and esi, 3CFB84DEh 0x0000004d jmp 00007F21E44F68B9h 0x00000052 popfd 0x00000053 mov dx, si 0x00000056 popad 0x00000057 mov dword ptr [esp+18h], eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F21E44F68B9h 0x00000062 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490049E second address: 49004AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D5Ch 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49004F7 second address: 4900514 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900514 second address: 490051A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490051A second address: 4900529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900529 second address: 490052D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490052D second address: 4900533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900533 second address: 490054D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D66h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 490054D second address: 4900551 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4900551 second address: 49005C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esp, ebp 0x0000000a pushad 0x0000000b mov esi, edi 0x0000000d jmp 00007F21E4512D69h 0x00000012 popad 0x00000013 pop ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 call 00007F21E4512D63h 0x0000001c pop ecx 0x0000001d pushfd 0x0000001e jmp 00007F21E4512D69h 0x00000023 add si, 1F66h 0x00000028 jmp 00007F21E4512D61h 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49005C2 second address: 49005D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E44F68ACh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49005D2 second address: 4920008 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b push 00000000h 0x0000000d push dword ptr [ebp-04h] 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push 00000096h 0x00000019 push 000001F4h 0x0000001e push FFFFFC18h 0x00000023 push FFFFFC18h 0x00000028 push 00C80000h 0x0000002d lea eax, dword ptr [ebp-0000014Ch] 0x00000033 push eax 0x00000034 lea eax, dword ptr [ebp-0000024Ch] 0x0000003a push eax 0x0000003b push 00000080h 0x00000040 call 00007F21E451488Bh 0x00000045 jmp 00007F21E8A2FC56h 0x0000004a mov edi, edi 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920008 second address: 492000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492000C second address: 4920027 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920027 second address: 4920076 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F21E44F68B5h 0x0000000b adc eax, 0AFC6826h 0x00000011 jmp 00007F21E44F68B1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b jmp 00007F21E44F68AEh 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 mov bx, ax 0x00000029 popad 0x0000002a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920076 second address: 49200A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F21E4512D65h 0x00000009 sbb eax, 2EE9AAE6h 0x0000000f jmp 00007F21E4512D61h 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49200A9 second address: 4920154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 mov esi, 0D9204E9h 0x0000000e pushad 0x0000000f mov esi, 580D122Bh 0x00000014 pushfd 0x00000015 jmp 00007F21E44F68B0h 0x0000001a sbb cx, 21B8h 0x0000001f jmp 00007F21E44F68ABh 0x00000024 popfd 0x00000025 popad 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 jmp 00007F21E44F68B6h 0x0000002e sub eax, eax 0x00000030 pushad 0x00000031 movsx edi, si 0x00000034 call 00007F21E44F68B8h 0x00000039 mov ch, C1h 0x0000003b pop edi 0x0000003c popad 0x0000003d mov edx, dword ptr [ebp+0Ch] 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 pushfd 0x00000044 jmp 00007F21E44F68AFh 0x00000049 xor ax, 263Eh 0x0000004e jmp 00007F21E44F68B9h 0x00000053 popfd 0x00000054 mov di, ax 0x00000057 popad 0x00000058 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920154 second address: 492015A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492015A second address: 492015E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492015E second address: 492016E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov dl, 29h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492016E second address: 4920173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920173 second address: 4920179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920179 second address: 492019C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F21E44F68B6h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492019C second address: 4920227 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F21E4512D61h 0x00000009 jmp 00007F21E4512D5Bh 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F21E4512D68h 0x00000015 or esi, 14DBAA58h 0x0000001b jmp 00007F21E4512D5Bh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 nop 0x00000025 pushad 0x00000026 mov al, D1h 0x00000028 mov ecx, ebx 0x0000002a popad 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007F21E4512D5Fh 0x00000035 sub esi, 7BC53DCEh 0x0000003b jmp 00007F21E4512D69h 0x00000040 popfd 0x00000041 popad 0x00000042 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920227 second address: 492027D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F21E44F68AEh 0x0000000f push 61841ADAh 0x00000014 jmp 00007F21E44F68B1h 0x00000019 xor dword ptr [esp], 21841ADBh 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jmp 00007F21E44F68B3h 0x00000028 mov ch, 7Ah 0x0000002a popad 0x0000002b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492027D second address: 49202A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push esi 0x0000000c movsx ebx, cx 0x0000000f pop ecx 0x00000010 mov dl, 56h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49202A4 second address: 49202A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49202A8 second address: 49202AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49202AE second address: 49202E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F21E44F68B8h 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49202E4 second address: 49202F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49202F3 second address: 4920351 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, D0CAh 0x00000007 call 00007F21E44F68ABh 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push dword ptr [ebp+34h] 0x00000013 pushad 0x00000014 mov ax, di 0x00000017 pushfd 0x00000018 jmp 00007F21E44F68B1h 0x0000001d jmp 00007F21E44F68ABh 0x00000022 popfd 0x00000023 popad 0x00000024 mov ecx, dword ptr [ebp+08h] 0x00000027 jmp 00007F21E44F68B6h 0x0000002c push dword ptr [ebp+30h] 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920351 second address: 4920355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4920355 second address: 492035B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492035B second address: 492036A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D5Bh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 492036A second address: 49203B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+2Ch] 0x0000000e jmp 00007F21E44F68AEh 0x00000013 push dword ptr [ebp+28h] 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F21E44F68B7h 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49203B6 second address: 49203CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F21E4512D64h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49203CE second address: 4920454 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+24h] 0x0000000b pushad 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F21E44F68B3h 0x00000013 add ax, 3BAEh 0x00000018 jmp 00007F21E44F68B9h 0x0000001d popfd 0x0000001e movzx ecx, bx 0x00000021 popad 0x00000022 push edi 0x00000023 mov si, EF2Fh 0x00000027 pop eax 0x00000028 popad 0x00000029 push dword ptr [ebp+20h] 0x0000002c pushad 0x0000002d mov di, 93D4h 0x00000031 jmp 00007F21E44F68ADh 0x00000036 popad 0x00000037 push dword ptr [ebp+1Ch] 0x0000003a jmp 00007F21E44F68AEh 0x0000003f push dword ptr [ebp+18h] 0x00000042 pushad 0x00000043 call 00007F21E44F68AEh 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910ACA second address: 4910AE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910AE7 second address: 4910AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910AEB second address: 4910B08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910B08 second address: 4910B43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F21E44F68B7h 0x00000008 mov ax, D70Fh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov bh, ch 0x00000015 jmp 00007F21E44F68B3h 0x0000001a popad 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910B43 second address: 4910B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910B49 second address: 4910B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910B4D second address: 4910BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F21E4512D67h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 mov dx, ax 0x00000014 pushfd 0x00000015 jmp 00007F21E4512D60h 0x0000001a and eax, 73480D78h 0x00000020 jmp 00007F21E4512D5Bh 0x00000025 popfd 0x00000026 popad 0x00000027 push 00000001h 0x00000029 pushad 0x0000002a mov cl, 74h 0x0000002c popad 0x0000002d push 00000000h 0x0000002f jmp 00007F21E4512D5Ah 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F21E4512D67h 0x0000003d rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910BC4 second address: 4910C13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c jmp 00007F21E44F68AEh 0x00000011 sub edx, edx 0x00000013 jmp 00007F21E44F68B1h 0x00000018 sub ecx, ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F21E44F68AAh 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 49101A5 second address: 4910234 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F21E4512D5Fh 0x00000009 sbb ecx, 5A6FB72Eh 0x0000000f jmp 00007F21E4512D69h 0x00000014 popfd 0x00000015 mov esi, 0F5655B7h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov edi, dword ptr [ebp+08h] 0x00000020 pushad 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 mov cl, 7Ch 0x00000026 popad 0x00000027 pushfd 0x00000028 jmp 00007F21E4512D61h 0x0000002d sub esi, 742D8616h 0x00000033 jmp 00007F21E4512D61h 0x00000038 popfd 0x00000039 popad 0x0000003a movzx eax, di 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F21E4512D68h 0x00000046 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910234 second address: 4910238 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910238 second address: 491023E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 491023E second address: 491026A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, di 0x00000006 call 00007F21E44F68B9h 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f cmp ebx, dword ptr [ecx+0Ch] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 491026A second address: 491026E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 491026E second address: 4910274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 4910274 second address: 49102CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F225654D158h 0x00000010 jmp 00007F21E4512D69h 0x00000015 ja 00007F225654D1B4h 0x0000001b jmp 00007F21E4512D5Eh 0x00000020 cmp eax, dword ptr [ecx+08h] 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F21E4512D67h 0x0000002a rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F0055 second address: 48F007E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F21E44F68B4h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F007E second address: 48F0090 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 mov ebx, eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov esi, edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F0090 second address: 48F00DA instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F21E44F68B7h 0x00000008 jmp 00007F21E44F68B3h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 call 00007F21E44F68B8h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F00DA second address: 48F0120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F21E4512D63h 0x00000013 and eax, 1CB9053Eh 0x00000019 jmp 00007F21E4512D69h 0x0000001e popfd 0x0000001f mov ax, 9087h 0x00000023 popad 0x00000024 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F0120 second address: 48F0126 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F01ED second address: 48F0213 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e mov si, DA19h 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F0213 second address: 48F0267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F21E44F68B5h 0x00000009 pushfd 0x0000000a jmp 00007F21E44F68B0h 0x0000000f add eax, 670ADAD8h 0x00000015 jmp 00007F21E44F68ABh 0x0000001a popfd 0x0000001b pop esi 0x0000001c popad 0x0000001d mov esi, edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F21E44F68B2h 0x00000026 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F0267 second address: 48F02CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-1Ch], esi 0x0000000c pushad 0x0000000d call 00007F21E4512D64h 0x00000012 pushfd 0x00000013 jmp 00007F21E4512D62h 0x00000018 xor ecx, 38C99EC8h 0x0000001e jmp 00007F21E4512D5Bh 0x00000023 popfd 0x00000024 pop ecx 0x00000025 mov di, A90Ch 0x00000029 popad 0x0000002a mov ecx, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F21E4512D5Dh 0x00000035 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F02CC second address: 48F02E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E44F68B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F02E1 second address: 48F0326 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or ecx, esi 0x0000000b jmp 00007F21E4512D5Eh 0x00000010 je 00007F2256556791h 0x00000016 jmp 00007F21E4512D60h 0x0000001b and dword ptr [ebp-04h], 00000000h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F0326 second address: 48F032C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F032C second address: 48F0388 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, dword ptr [ebp+10h] 0x0000000c pushad 0x0000000d jmp 00007F21E4512D5Eh 0x00000012 movzx eax, di 0x00000015 popad 0x00000016 test edi, edi 0x00000018 pushad 0x00000019 jmp 00007F21E4512D63h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F21E4512D66h 0x00000025 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F0388 second address: 48F03BF instructions: 0x00000000 rdtsc 0x00000002 mov edi, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007F225653A23Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov bx, B34Ch 0x00000014 pushfd 0x00000015 jmp 00007F21E44F68B5h 0x0000001a jmp 00007F21E44F68ABh 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F03BF second address: 48F03C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F03C5 second address: 48F03C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F03C9 second address: 48F0466 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebx+00000080h] 0x0000000e jmp 00007F21E4512D67h 0x00000013 mov edx, dword ptr [ebx+00000084h] 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F21E4512D64h 0x00000020 adc si, F428h 0x00000025 jmp 00007F21E4512D5Bh 0x0000002a popfd 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F21E4512D66h 0x00000032 jmp 00007F21E4512D65h 0x00000037 popfd 0x00000038 mov esi, 35F33EF7h 0x0000003d popad 0x0000003e popad 0x0000003f mov eax, ecx 0x00000041 jmp 00007F21E4512D5Ah 0x00000046 or eax, edx 0x00000048 pushad 0x00000049 push eax 0x0000004a push edx 0x0000004b mov esi, 7867C783h 0x00000050 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F04B0 second address: 48F04B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F04B6 second address: 48F04CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F21E4512D5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F04CD second address: 48F04D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F04D1 second address: 48F04D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeRDTSC instruction interceptor: First address: 48F04D7 second address: 48F04DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Tries to evade debugger and weak emulator (self modifying code)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSpecial instruction interceptor: First address: 40BA79 instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSpecial instruction interceptor: First address: 40B9A5 instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSpecial instruction interceptor: First address: 5A126E instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSpecial instruction interceptor: First address: 62AD79 instructions caused by: Self-modifying code
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSpecial instruction interceptor: First address: 40BA79 instructions caused by: Self-modifying code
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSpecial instruction interceptor: First address: 40B9A5 instructions caused by: Self-modifying code
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSpecial instruction interceptor: First address: 5A126E instructions caused by: Self-modifying code
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeSpecial instruction interceptor: First address: 62AD79 instructions caused by: Self-modifying code
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeCode function: 0_2_04910593 rdtsc 0_2_04910593
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow / User API: threadDelayed 984Jump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeWindow / User API: threadDelayed 7569Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe TID: 3648Thread sleep count: 47 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe TID: 3648Thread sleep count: 78 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe TID: 3648Thread sleep count: 51 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe TID: 3648Thread sleep count: 52 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe TID: 3648Thread sleep count: 48 > 30Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe TID: 3648Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exe TID: 1456Thread sleep time: -154077s >= -30000sJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exe TID: 7140Thread sleep time: -136068s >= -30000sJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exe TID: 64Thread sleep time: -32000s >= -30000sJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exe TID: 2192Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exe TID: 6496Thread sleep time: -1968984s >= -30000sJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exe TID: 6496Thread sleep time: -15145569s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeThread delayed: delay time: 60000Jump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeThread delayed: delay time: 60000Jump to behavior
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, 00000000.00000002.2193087490.0000000000581000.00000040.00000001.01000000.00000003.sdmp, vjnihhj.exe, vjnihhj.exe, 00000002.00000002.4628294508.0000000000581000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, 00000000.00000002.2193087490.0000000000581000.00000040.00000001.01000000.00000003.sdmp, vjnihhj.exe, 00000002.00000002.4628294508.0000000000581000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
          Source: vjnihhj.exe, 00000002.00000002.4629177659.0000000000AA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeSystem information queried: ModuleInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeProcess information queried: ProcessInformationJump to behavior

          Anti Debugging

          barindex
          Hides threads from debuggers
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeThread information set: HideFromDebuggerJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeThread information set: HideFromDebuggerJump to behavior
          Potentially malicious time measurement code found
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeCode function: 0_2_04910222 Start: 049102CD End: 0491023E0_2_04910222
          Tries to detect sandboxes and other dynamic analysis tools (window names)
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: regmonclass
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: gbdyllo
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: procmon_window_class
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: ollydbg
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: filemonclass
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeFile opened: NTICE
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeFile opened: SICE
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeFile opened: SIWVID
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeProcess queried: DebugPortJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeProcess queried: DebugPortJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeProcess queried: DebugPortJump to behavior
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exeCode function: 0_2_04910593 rdtsc 0_2_04910593
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeCode function: 2_2_00402D09 LdrLoadDll,2_2_00402D09
          Source: C:\ProgramData\hlrxnb\vjnihhj.exeCode function: 2_2_00402D09 mov eax, dword ptr fs:[00000030h]2_2_00402D09
          Source: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe, 00000000.00000002.2193087490.0000000000581000.00000040.00000001.01000000.00000003.sdmp, vjnihhj.exe, vjnihhj.exe, 00000002.00000002.4628294508.0000000000581000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: Program Manager

          Stealing of Sensitive Information

          barindex
          Yara detected SystemBC
          Source: Yara matchFile source: 00000002.00000003.2226309886.00000000025A4000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.2186826289.0000000004754000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe PID: 2620, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: vjnihhj.exe PID: 4208, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected SystemBC
          Source: Yara matchFile source: 00000002.00000003.2226309886.00000000025A4000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.2186826289.0000000004754000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.MulDrop29.15967.25640.16156.exe PID: 2620, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: vjnihhj.exe PID: 4208, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
          Command and Scripting Interpreter          		1
          Scheduled Task/Job          		2
          Process Injection          		1
          Masquerading          		OS Credential Dumping741
          Security Software Discovery          		Remote ServicesData from Local System1
          Non-Standard Port          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Scheduled Task/Job          		1
          DLL Side-Loading          		1
          Scheduled Task/Job          		241
          Virtualization/Sandbox Evasion          		LSASS Memory2
          Process Discovery          		Remote Desktop ProtocolData from Removable Media1
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		2
          Process Injection          		Security Account Manager241
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive2
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Obfuscated Files or Information          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture122
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
          Software Packing          		LSA Secrets22
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.