Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Section loaded: powrprof.dll |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Section loaded: umpdc.dll |
Source: tlw8Vv1OPD | Static PE information: section name: .vmp0 |
Source: tlw8Vv1OPD | Static PE information: section name: .symtab |
Source: tlw8Vv1OPD | Static PE information: section name: .vmp1 |
Source: tlw8Vv1OPD | Static PE information: section name: .vmp2 |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Memory written: PID: 4776 base: 7FFF4F430008 value: E9 EB D9 E9 FF |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Memory written: PID: 4776 base: 7FFF4F2CD9F0 value: E9 20 26 16 00 |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 000000000196178D second address: 0000000001961792 instructions: 0x00000000 rdtsc 0x00000002 inc ecx 0x00000003 pop esp 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F0BEC89Ch 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F0DC9867h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 000000000135C7D7 second address: 000000000135C7DC instructions: 0x00000000 rdtsc 0x00000002 inc ecx 0x00000003 pop esp 0x00000004 pop ebx 0x00000005 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 00000000012B9F90 second address: 00000000012B9F94 instructions: 0x00000000 rdtsc 0x00000002 inc ecx 0x00000003 pop esi 0x00000004 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F14C4BACh 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F16A1B77h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F06EBC2Ch 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F08C8BF7h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F1A1337Ch 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F1BF0347h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F0C1181Ch 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F0DEE7E7h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F1A07E3Ch 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F1BE4E07h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F1A18E9Ch 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F1BF5E67h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F1A1137Ch 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F1BEE347h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F0BDD1CCh 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F0DBA197h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F14C4EACh 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F16A1E77h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |
Source: C:\Users\user\Desktop\tlw8Vv1OPD.exe | RDTSC instruction interceptor: First address: 0000000001A6B9E7 second address: 0000000001A7F934 instructions: 0x00000000 rdtsc 0x00000002 cmc 0x00000003 popfd 0x00000004 inc ecx 0x00000005 pop ebp 0x00000006 inc bp 0x00000008 mov edx, ecx 0x0000000a dec ecx 0x0000000b arpl dx, bx 0x0000000d pop edx 0x0000000e dec ecx 0x0000000f movzx ebp, ax 0x00000012 inc ecx 0x00000013 not al 0x00000015 pop eax 0x00000016 dec esp 0x00000017 movzx ecx, bx 0x0000001a inc ecx 0x0000001b pop esi 0x0000001c inc ecx 0x0000001d xchg cl, bh 0x0000001f jmp 00007FA0F0BD67BCh 0x00000024 inc ecx 0x00000025 pop ebx 0x00000026 inc eax 0x00000027 not ch 0x00000029 dec esp 0x0000002a movzx edx, di 0x0000002d inc esp 0x0000002e movzx eax, ax 0x00000031 inc ecx 0x00000032 pop ecx 0x00000033 movzx bp, bl 0x00000037 inc ebp 0x00000038 movzx edx, bx 0x0000003b dec eax 0x0000003c movzx ebx, sp 0x0000003f inc ecx 0x00000040 pop eax 0x00000041 pop edi 0x00000042 pop ecx 0x00000043 inc cx 0x00000045 movsx ebp, ah 0x00000048 dec eax 0x00000049 bswap ebp 0x0000004b inc ecx 0x0000004c not edx 0x0000004e pop ebx 0x0000004f mov ebp, 393B192Eh 0x00000054 inc bp 0x00000056 movsx edx, bl 0x00000059 pop ebp 0x0000005a inc ecx 0x0000005b pop edx 0x0000005c jmp 00007FA0F0DB3787h 0x00000061 ret 0x00000062 popfd 0x00000063 rdtsc |