Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB667C |
1_2_03CB667C |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB97C8 |
1_2_03CB97C8 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB03CC |
1_2_03CB03CC |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB11D3 |
1_2_03CB11D3 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB41D3 |
1_2_03CB41D3 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4FD3 |
1_2_03CB4FD3 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBA3EE |
1_2_03CBA3EE |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBA3EC |
1_2_03CBA3EC |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB53FB |
1_2_03CB53FB |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB13F6 |
1_2_03CB13F6 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB6380 |
1_2_03CB6380 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9580 |
1_2_03CB9580 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBAD9D |
1_2_03CBAD9D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB499D |
1_2_03CB499D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB2FAB |
1_2_03CB2FAB |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9FAB |
1_2_03CB9FAB |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBADAB |
1_2_03CBADAB |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBA1A8 |
1_2_03CBA1A8 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB2DA1 |
1_2_03CB2DA1 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB23A7 |
1_2_03CB23A7 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9DBA |
1_2_03CB9DBA |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB49B7 |
1_2_03CB49B7 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0FB6 |
1_2_03CB0FB6 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D4D |
1_2_03CB9D4D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0B47 |
1_2_03CB0B47 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB596E |
1_2_03CB596E |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4D6C |
1_2_03CB4D6C |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0B63 |
1_2_03CB0B63 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB3163 |
1_2_03CB3163 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB2379 |
1_2_03CB2379 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0376 |
1_2_03CB0376 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB1508 |
1_2_03CB1508 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB1102 |
1_2_03CB1102 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D4D |
1_2_03CB9D4D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB5718 |
1_2_03CB5718 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB2B1F |
1_2_03CB2B1F |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB511C |
1_2_03CB511C |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0F17 |
1_2_03CB0F17 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D29 |
1_2_03CB9D29 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4128 |
1_2_03CB4128 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBAF28 |
1_2_03CBAF28 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0930 |
1_2_03CB0930 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB5534 |
1_2_03CB5534 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB08D9 |
1_2_03CB08D9 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9AD4 |
1_2_03CB9AD4 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB06EB |
1_2_03CB06EB |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB12F4 |
1_2_03CB12F4 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB2285 |
1_2_03CB2285 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBA09F |
1_2_03CBA09F |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB5290 |
1_2_03CB5290 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9690 |
1_2_03CB9690 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB5AAE |
1_2_03CB5AAE |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4EA2 |
1_2_03CB4EA2 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB8CA1 |
1_2_03CB8CA1 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB66A4 |
1_2_03CB66A4 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9EB8 |
1_2_03CB9EB8 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB8ABF |
1_2_03CB8ABF |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9ABD |
1_2_03CB9ABD |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB40B1 |
1_2_03CB40B1 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB584C |
1_2_03CB584C |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB5446 |
1_2_03CB5446 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB1667 |
1_2_03CB1667 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB947B |
1_2_03CB947B |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9478 |
1_2_03CB9478 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBAE7E |
1_2_03CBAE7E |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CBAE1E |
1_2_03CBAE1E |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB661D |
1_2_03CB661D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4627 |
1_2_03CB4627 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB1E39 |
1_2_03CB1E39 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB043C |
1_2_03CB043C |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB3032 |
1_2_03CB3032 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4831 |
1_2_03CB4831 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0836 |
1_2_03CB0836 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB5636 |
1_2_03CB5636 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4FD3 |
1_2_03CB4FD3 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB53FB |
1_2_03CB53FB |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB499D |
1_2_03CB499D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB2FAB |
1_2_03CB2FAB |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D4D |
1_2_03CB9D4D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4D6C |
1_2_03CB4D6C |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB3163 |
1_2_03CB3163 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D4D |
1_2_03CB9D4D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB511C |
1_2_03CB511C |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB0F17 |
1_2_03CB0F17 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4128 |
1_2_03CB4128 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB2285 |
1_2_03CB2285 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB5290 |
1_2_03CB5290 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4EA2 |
1_2_03CB4EA2 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB40B1 |
1_2_03CB40B1 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9478 |
1_2_03CB9478 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB3032 |
1_2_03CB3032 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
RDTSC instruction interceptor: First address: 0000000003CB92C9 second address: 0000000003CB92C9 instructions:
0x00000000 rdtsc
0x00000002 mov eax, 7305038Fh
0x00000007 sub eax, 428F9BE4h
0x0000000c xor eax, A94964F8h
0x00000011 add eax, 66C3FCAEh
0x00000016 cpuid
0x00000018 cmp bh, bh
0x0000001a popad
0x0000001b call 00007F7518B710E5h
0x00000020 lfence
0x00000023 mov edx, 89618492h
0x00000028 xor edx, A0F4BA61h
0x0000002e add edx, F6C4231Dh
0x00000034 xor edx, 5FA76204h
0x0000003a mov edx, dword ptr [edx]
0x0000003c lfence
0x0000003f cmp cl, bl
0x00000041 jmp 00007F7518B71104h
0x00000043 cmp edx, ecx
0x00000045 ret
0x00000046 sub edx, esi
0x00000048 ret
0x00000049 add edi, edx
0x0000004b nop
0x0000004c dec dword ptr [ebp+000000F8h]
0x00000052 cmp dword ptr [ebp+000000F8h], 00000000h
0x00000059 jne 00007F7518B710BBh
0x0000005b call 00007F7518B71184h
0x00000060 call 00007F7518B71108h
0x00000065 lfence
0x00000068 mov edx, 89618492h
0x0000006d xor edx, A0F4BA61h
0x00000073 add edx, F6C4231Dh
0x00000079 xor edx, 5FA76204h
0x0000007f mov edx, dword ptr [edx]
0x00000081 lfence
0x00000084 cmp cl, bl
0x00000086 jmp 00007F7518B71104h
0x00000088 cmp edx, ecx
0x0000008a ret
0x0000008b mov esi, edx
0x0000008d pushad
0x0000008e rdtsc |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB8DE9 mov eax, dword ptr fs:[00000030h] |
1_2_03CB8DE9 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB61AD mov eax, dword ptr fs:[00000030h] |
1_2_03CB61AD |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB87BC mov eax, dword ptr fs:[00000030h] |
1_2_03CB87BC |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D4D mov eax, dword ptr fs:[00000030h] |
1_2_03CB9D4D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D4D mov eax, dword ptr fs:[00000030h] |
1_2_03CB9D4D |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB9D29 mov eax, dword ptr fs:[00000030h] |
1_2_03CB9D29 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB4128 mov eax, dword ptr fs:[00000030h] |
1_2_03CB4128 |
Source: C:\Users\user\Desktop\http___2.56.59.76_alig.exe |
Code function: 1_2_03CB40B1 mov eax, dword ptr fs:[00000030h] |
1_2_03CB40B1 |
Source: http___2.56.59.76_alig.exe, 00000001.00000002.1157257404.0000000000DF0000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
Source: http___2.56.59.76_alig.exe, 00000001.00000002.1157257404.0000000000DF0000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: http___2.56.59.76_alig.exe, 00000001.00000002.1157257404.0000000000DF0000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: http___2.56.59.76_alig.exe, 00000001.00000002.1157257404.0000000000DF0000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |